Code Review / policy / engine.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: e22a2b6)
Fix Fortify Issue - External Entity Injection 25/32625/4
authorguangxingwang <gw1218@att.com>
Thu, 22 Feb 2018 21:13:17 +0000 (15:13 -0600)
committerguangxingwang <gw1218@att.com>
Fri, 23 Feb 2018 19:21:48 +0000 (13:21 -0600)
Fix Fortify Issue by setting secure process of factory as true

Issue-ID: POLICY-551
Change-Id: I46890d2664d0ae9ed9540ba830d0f4b27136a6e9
Signed-off-by: guangxingwang <gw1218@att.com>
PolicyEngineUtils/src/main/java/org/onap/policy/utils/PolicyUtils.java patch | blob | history

diff --git a/PolicyEngineUtils/src/main/java/org/onap/policy/utils/PolicyUtils.java b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/PolicyUtils.java
index 0f38232..e17ddc6 100644 (file)
--- a/PolicyEngineUtils/src/main/java/org/onap/policy/utils/PolicyUtils.java
+++ b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/PolicyUtils.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START=======================================================
  * PolicyEngineUtils
  * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -31,6 +31,7 @@ import java.util.StringTokenizer;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.SAXParser;
 import javax.xml.parsers.SAXParserFactory;
 
@@ -284,7 +285,9 @@ public class PolicyUtils {
         SAXParserFactory factory = SAXParserFactory.newInstance();
         factory.setValidating(false);
         factory.setNamespaceAware(true);
-        try {
+        
+        try {    
+                       factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);               
             SAXParser parser = factory.newSAXParser();
             XMLReader reader = parser.getXMLReader();
             reader.setErrorHandler(new XMLErrorHandler());
-- Archived 06/09/2021