Test XEE in SonarQube 75/132875/1
authormpriyank <priyank.maheshwari@est.tech>
Thu, 5 Jan 2023 17:16:39 +0000 (17:16 +0000)
committermpriyank <priyank.maheshwari@est.tech>
Thu, 5 Jan 2023 17:16:43 +0000 (17:16 +0000)
- Test by removing the attributes set on the TransformerFactory, to check
  whether SonarQube reports the vulnerability or not

Issue-ID: CPS-1435
Change-Id: I087796b1bbc465655fd741f678a9b2b417d174dd
Signed-off-by: mpriyank <priyank.maheshwari@est.tech>
cps-service/src/main/java/org/onap/cps/utils/XmlFileUtils.java

index 10949e7..096487f 100644 (file)
@@ -49,8 +49,9 @@ import org.xml.sax.SAXException;
 @NoArgsConstructor(access = AccessLevel.PRIVATE)
 public class XmlFileUtils {
 
+    private static final DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
+    private static boolean isNewDocumentBuilderFactoryInstance = true;
     private static final TransformerFactory transformerFactory = TransformerFactory.newInstance();
-    private static boolean isNewTransformerFactoryInstance = true;
     private static final Pattern XPATH_PROPERTY_REGEX =
         Pattern.compile("\\[@(\\S{1,100})=['\\\"](\\S{1,100})['\\\"]\\]");
 
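Review bot: The new `isNewDocumentBuilderFactoryInstance` flag is a plain mutable static that the second hunk reads and writes in `getDocumentBuilderFactory()` without synchronization, so two threads can both see `true`, and a caller can receive the shared factory before the `ACCESS_EXTERNAL_DTD` / `ACCESS_EXTERNAL_SCHEMA` restrictions are applied. The removed code built and hardened a fresh factory per call, which had no such window. If the shared instance is kept, drop the flag and apply the two `setAttribute` calls once in a `static { ... }` initializer placed directly after the field declaration. `DocumentBuilderFactory` is also not documented as thread-safe, so concurrent `newDocumentBuilder()` calls on one static instance should be confirmed safe for the parser implementation in use.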
@@ -161,20 +162,16 @@ public class XmlFileUtils {
 
     private static DocumentBuilderFactory getDocumentBuilderFactory() {
 
-        final DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
-        documentBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
-        documentBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
+        if (isNewDocumentBuilderFactoryInstance) {
+            documentBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+            documentBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
+            isNewDocumentBuilderFactoryInstance = false;
+        }
 
         return documentBuilderFactory;
     }
 
     private static TransformerFactory getTransformerFactory() {
-        if (isNewTransformerFactoryInstance) {
-            transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
-            transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
-            isNewTransformerFactoryInstance = false;
-        }
-
         return transformerFactory;
     }
 }
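Review bot: `getTransformerFactory()` now returns a `TransformerFactory` with no restriction on external DTD or stylesheet access, so any XML or XSLT passed through it may resolve external resources (XXE). The commit message describes this as a deliberate SonarQube check, so the change should not merge in this form. Before it lands, restore `transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");` and `transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");`, preferably in a static initializer rather than behind a boolean flag. Adding `transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` would give defence in depth, and a unit test asserting that an external-entity document is rejected would catch this regression independently of the scanner.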