diff options
| author |   Dan Timoney <dtimoney@att.com> | 2021-07-09 07:54:44 -0400 |
|---|---|---|
| committer |   KAPIL SINGAL <ks220y@att.com> | 2021-07-09 17:13:07 +0000 |
| commit | 2ab339240c1d0bd8246bebb75d12c4849dd9e4c5 (patch) | |
| tree | 91b91d5ff11eb12103468ed1ce6f8a81feb2a6a5 | |
| parent | bab5ed7d5298d4c5e06d4656a90c45d4959e8026 (diff) | |
Fix XML external entity vulnerability
Disabled XML external entity references to resolve XML external entity
vulnerability.
Issue-ID: CCSDK-3117
Signed-off-by: Dan Timoney <dtimoney@att.com>
Change-Id: I1824b52c03148b2bc8a87b7eee8e08768d4284f4
3 files changed, 27 insertions, 19 deletions
diff --git a/core/sliapi/model/swagger/src/main/json/sliapi.json b/core/sliapi/model/swagger/src/main/json/sliapi.json index a612a8f80..10c68e642 100644 --- a/core/sliapi/model/swagger/src/main/json/sliapi.json +++ b/core/sliapi/model/swagger/src/main/json/sliapi.json @@ -1 +1 @@ -{"swagger":"2.0","info":{"description":"Defines API to service logic interpreter,This module contains a collection of generally useful derived\nYANG data types.\n\nCopyright (c) 2013 IETF Trust and the persons identified as\nauthors of the code. All rights reserved.\n\nRedistribution and use in source and binary forms, with or\nwithout modification, is permitted pursuant to, and subject\nto the license terms contained in, the Simplified BSD License\nset forth in Section 4.c of the IETF Trust's Legal Provisions\nRelating to IETF Documents\n(http://trustee.ietf.org/license-info).\n\nThis version of this YANG module is part of RFC 6991; see\nthe RFC itself for full legal notices.,This module contains a collection of generally useful derived\nYANG data types for Internet addresses and related things.\n\nCopyright (c) 2013 IETF Trust and the persons identified as\nauthors of the code. All rights reserved.\n\nRedistribution and use in source and binary forms, with or\nwithout modification, is permitted pursuant to, and subject\nto the license terms contained in, the Simplified BSD License\nset forth in Section 4.c of the IETF Trust's Legal Provisions\nRelating to IETF Documents\n(http://trustee.ietf.org/license-info).\n\nThis version of this YANG module is part of RFC 6991; see\nthe RFC itself for full legal notices.","version":"1.3.0-SNAPSHOT","title":"SLI-API,ietf-yang-types,ietf-inet-types API"},"consumes":["application/json","application/xml"],"produces":["application/json","application/xml"],"paths":{"/config/SLI-API:test-results/":{"get":{"tags":["SLI-API"],"description":"returns sli.api.TestResults","parameters":[],"responses":{"400":{"description":"Internal error"},"200":{"description":"sli.api.TestResults","schema":{"originalRef":"#/definitions/sli.api.TestResults","$ref":"#/definitions/sli.api.TestResults"},"responseSchema":{"originalRef":"#/definitions/sli.api.TestResults","$ref":"#/definitions/sli.api.TestResults"}}}},"post":{"tags":["SLI-API"],"description":"creates sli.api.TestResults","parameters":[{"in":"body","name":"sli.api.TestResults.body-param","description":"sli.api.TestResults to be added to list","required":false,"schema":{"originalRef":"#/definitions/sli.api.TestResults","$ref":"#/definitions/sli.api.TestResults"}}],"responses":{"400":{"description":"Internal error"},"201":{"description":"Object created"},"409":{"description":"Object already exists"}}},"put":{"tags":["SLI-API"],"description":"creates or updates sli.api.TestResults","parameters":[{"in":"body","name":"sli.api.TestResults.body-param","description":"sli.api.TestResults to be added or updated","required":false,"schema":{"originalRef":"#/definitions/sli.api.TestResults","$ref":"#/definitions/sli.api.TestResults"}}],"responses":{"400":{"description":"Internal error"},"201":{"description":"Object created"},"204":{"description":"Object modified"}}},"delete":{"tags":["SLI-API"],"description":"removes sli.api.TestResults","parameters":[],"responses":{"400":{"description":"Internal error"},"204":{"description":"Object deleted"}}}},"/config/SLI-API:test-results/SLI-API:test-result/":{"post":{"description":"creates sli.api.testresults.TestResult","parameters":[{"in":"body","name":"sli.api.testresults.TestResult.body-param","description":"sli.api.testresults.TestResult to be added to list","required":false,"schema":{"originalRef":"#/definitions/sli.api.testresults.TestResult","$ref":"#/definitions/sli.api.testresults.TestResult"}}],"responses":{"400":{"description":"Internal error"},"201":{"description":"Object created"},"409":{"description":"Object already exists"}}}},"/config/SLI-API:test-results/SLI-API:test-result/{test-identifier}/":{"get":{"tags":["SLI-API"],"description":"returns sli.api.testresults.TestResult","parameters":[{"name":"test-identifier","in":"path","description":"Id of test-result","required":true,"type":"string"}],"responses":{"400":{"description":"Internal error"},"200":{"description":"sli.api.testresults.TestResult","schema":{"originalRef":"#/definitions/sli.api.testresults.TestResult","$ref":"#/definitions/sli.api.testresults.TestResult"},"responseSchema":{"originalRef":"#/definitions/sli.api.testresults.TestResult","$ref":"#/definitions/sli.api.testresults.TestResult"}}}},"post":{"tags":["SLI-API"],"description":"creates sli.api.testresults.TestResult","parameters":[{"name":"test-identifier","in":"path","description":"Id of test-result","required":true,"type":"string"},{"in":"body","name":"sli.api.testresults.TestResult.body-param","description":"sli.api.testresults.TestResult to be added to list","required":false,"schema":{"originalRef":"#/definitions/sli.api.testresults.TestResult","$ref":"#/definitions/sli.api.testresults.TestResult"}}],"responses":{"400":{"description":"Internal error"},"201":{"description":"Object created"},"409":{"description":"Object already exists"}}},"put":{"tags":["SLI-API"],"description":"creates or updates sli.api.testresults.TestResult","parameters":[{"name":"test-identifier","in":"path","description":"Id of test-result","required":true,"type":"string"},{"in":"body","name":"sli.api.testresults.TestResult.body-param","description":"sli.api.testresults.TestResult to be added or updated","required":false,"schema":{"originalRef":"#/definitions/sli.api.testresults.TestResult","$ref":"#/definitions/sli.api.testresults.TestResult"}}],"responses":{"400":{"description":"Internal error"},"201":{"description":"Object created"},"204":{"description":"Object modified"}}},"delete":{"tags":["SLI-API"],"description":"removes sli.api.testresults.TestResult","parameters":[{"name":"test-identifier","in":"path","description":"Id of test-result","required":true,"type":"string"}],"responses":{"400":{"description":"Internal error"},"204":{"description":"Object deleted"}}}},"/operational/SLI-API:test-results/":{"get":{"tags":["SLI-API"],"description":"returns sli.api.TestResults","parameters":[],"responses":{"400":{"description":"Internal error"},"200":{"description":"sli.api.TestResults","schema":{"originalRef":"#/definitions/sli.api.TestResults","$ref":"#/definitions/sli.api.TestResults"},"responseSchema":{"originalRef":"#/definitions/sli.api.TestResults","$ref":"#/definitions/sli.api.TestResults"}}}}},"/operational/SLI-API:test-results/SLI-API:test-result/{test-identifier}/":{"get":{"tags":["SLI-API"],"description":"returns sli.api.testresults.TestResult","parameters":[{"name":"test-identifier","in":"path","description":"Id of test-result","required":true,"type":"string"}],"responses":{"400":{"description":"Internal error"},"200":{"description":"sli.api.testresults.TestResult","schema":{"originalRef":"#/definitions/sli.api.testresults.TestResult","$ref":"#/definitions/sli.api.testresults.TestResult"},"responseSchema":{"originalRef":"#/definitions/sli.api.testresults.TestResult","$ref":"#/definitions/sli.api.testresults.TestResult"}}}}},"/operations/SLI-API:execute-graph/":{"post":{"tags":["SLI-API"],"parameters":[{"in":"body","name":"sli.api.executegraph.Input.body-param","required":false,"schema":{"properties":{"input":{"originalRef":"#/definitions/sli.api.executegraph.Input","$ref":"#/definitions/sli.api.executegraph.Input"}}}}],"responses":{"400":{"description":"Internal error"},"200":{"description":"Correct response","schema":{"originalRef":"#/definitions/sli.api.ExecuteGraph","$ref":"#/definitions/sli.api.ExecuteGraph"},"responseSchema":{"originalRef":"#/definitions/sli.api.ExecuteGraph","$ref":"#/definitions/sli.api.ExecuteGraph"}},"201":{"description":"No response"}}}},"/operations/SLI-API:healthcheck/":{"post":{"tags":["SLI-API"],"parameters":[],"responses":{"400":{"description":"Internal error"},"200":{"description":"Correct response","schema":{"originalRef":"#/definitions/sli.api.Healthcheck","$ref":"#/definitions/sli.api.Healthcheck"},"responseSchema":{"originalRef":"#/definitions/sli.api.Healthcheck","$ref":"#/definitions/sli.api.Healthcheck"}},"201":{"description":"No response"}}}},"/operations/SLI-API:vlbcheck/":{"post":{"tags":["SLI-API"],"parameters":[],"responses":{"400":{"description":"Internal error"},"200":{"description":"Correct response","schema":{"originalRef":"#/definitions/sli.api.Vlbcheck","$ref":"#/definitions/sli.api.Vlbcheck"},"responseSchema":{"originalRef":"#/definitions/sli.api.Vlbcheck","$ref":"#/definitions/sli.api.Vlbcheck"}},"201":{"description":"No response"}}}}},"definitions":{"sli.api.ExecuteGraph":{"type":"object","properties":{"output":{"originalRef":"#/definitions/sli.api.ResponseFields","$ref":"#/definitions/sli.api.ResponseFields"}}},"sli.api.Healthcheck":{"type":"object","properties":{"output":{"originalRef":"#/definitions/sli.api.ResponseFields","$ref":"#/definitions/sli.api.ResponseFields"}}},"sli.api.ModeEnumeration":{"type":"string","enum":["sync","async"]},"sli.api.ParameterSetting":{"type":"object","properties":{"string-value":{"type":"string"},"boolean-value":{"type":"boolean"},"parameter-name":{"type":"string","description":"Parameter name"},"int-value":{"type":"integer","format":"int32"}}},"sli.api.ResponseFields":{"type":"object","properties":{"response-code":{"type":"string"},"response-message":{"type":"string"},"context-memory-json":{"type":"string"},"ack-final-indicator":{"type":"string"}}},"sli.api.TestResults":{"type":"object","properties":{"test-result":{"type":"array","items":{"originalRef":"#/definitions/sli.api.testresults.TestResult","$ref":"#/definitions/sli.api.testresults.TestResult"}}}},"sli.api.Vlbcheck":{"type":"object","properties":{"output":{"originalRef":"#/definitions/sli.api.ResponseFields","$ref":"#/definitions/sli.api.ResponseFields"}}},"sli.api.executegraph.Input":{"type":"object","properties":{"mode":{"originalRef":"#/definitions/sli.api.ModeEnumeration","$ref":"#/definitions/sli.api.ModeEnumeration"},"module-name":{"type":"string"},"sli-parameter":{"type":"array","items":{"originalRef":"#/definitions/sli.api.ParameterSetting","$ref":"#/definitions/sli.api.ParameterSetting"}},"rpc-name":{"type":"string"}}},"sli.api.testresults.TestResult":{"type":"object","properties":{"results":{"type":"array","items":{"type":"string"}},"test-identifier":{"type":"string"}}}}}
\ No newline at end of file +{"swagger":"2.0","info":{"description":"Defines API to service logic interpreter,This module contains a collection of generally useful derived\nYANG data types.\n\nCopyright (c) 2013 IETF Trust and the persons identified as\nauthors of the code. All rights reserved.\n\nRedistribution and use in source and binary forms, with or\nwithout modification, is permitted pursuant to, and subject\nto the license terms contained in, the Simplified BSD License\nset forth in Section 4.c of the IETF Trust's Legal Provisions\nRelating to IETF Documents\n(http://trustee.ietf.org/license-info).\n\nThis version of this YANG module is part of RFC 6991; see\nthe RFC itself for full legal notices.,This module contains a collection of generally useful derived\nYANG data types for Internet addresses and related things.\n\nCopyright (c) 2013 IETF Trust and the persons identified as\nauthors of the code. All rights reserved.\n\nRedistribution and use in source and binary forms, with or\nwithout modification, is permitted pursuant to, and subject\nto the license terms contained in, the Simplified BSD License\nset forth in Section 4.c of the IETF Trust's Legal Provisions\nRelating to IETF Documents\n(http://trustee.ietf.org/license-info).\n\nThis version of this YANG module is part of RFC 6991; see\nthe RFC itself for full legal notices.","version":"1.3.0-SNAPSHOT","title":"SLI-API,ietf-yang-types,ietf-inet-types API"},"consumes":["application/json","application/xml"],"produces":["application/json","application/xml"],"paths":{"/config/SLI-API:test-results/":{"get":{"tags":["SLI-API"],"description":"returns sli.api.TestResults","parameters":[],"responses":{"400":{"description":"Internal error"},"200":{"description":"sli.api.TestResults","responseSchema":{"originalRef":"#/definitions/sli.api.TestResults","$ref":"#/definitions/sli.api.TestResults"},"schema":{"originalRef":"#/definitions/sli.api.TestResults","$ref":"#/definitions/sli.api.TestResults"}}}},"post":{"tags":["SLI-API"],"description":"creates sli.api.TestResults","parameters":[{"in":"body","name":"sli.api.TestResults.body-param","description":"sli.api.TestResults to be added to list","required":false,"schema":{"originalRef":"#/definitions/sli.api.TestResults","$ref":"#/definitions/sli.api.TestResults"}}],"responses":{"400":{"description":"Internal error"},"201":{"description":"Object created"},"409":{"description":"Object already exists"}}},"put":{"tags":["SLI-API"],"description":"creates or updates sli.api.TestResults","parameters":[{"in":"body","name":"sli.api.TestResults.body-param","description":"sli.api.TestResults to be added or updated","required":false,"schema":{"originalRef":"#/definitions/sli.api.TestResults","$ref":"#/definitions/sli.api.TestResults"}}],"responses":{"400":{"description":"Internal error"},"201":{"description":"Object created"},"204":{"description":"Object modified"}}},"delete":{"tags":["SLI-API"],"description":"removes sli.api.TestResults","parameters":[],"responses":{"400":{"description":"Internal error"},"204":{"description":"Object deleted"}}}},"/config/SLI-API:test-results/SLI-API:test-result/":{"post":{"description":"creates sli.api.testresults.TestResult","parameters":[{"in":"body","name":"sli.api.testresults.TestResult.body-param","description":"sli.api.testresults.TestResult to be added to list","required":false,"schema":{"originalRef":"#/definitions/sli.api.testresults.TestResult","$ref":"#/definitions/sli.api.testresults.TestResult"}}],"responses":{"400":{"description":"Internal error"},"201":{"description":"Object created"},"409":{"description":"Object already exists"}}}},"/config/SLI-API:test-results/SLI-API:test-result/{test-identifier}/":{"get":{"tags":["SLI-API"],"description":"returns sli.api.testresults.TestResult","parameters":[{"name":"test-identifier","in":"path","description":"Id of test-result","required":true,"type":"string"}],"responses":{"400":{"description":"Internal error"},"200":{"description":"sli.api.testresults.TestResult","responseSchema":{"originalRef":"#/definitions/sli.api.testresults.TestResult","$ref":"#/definitions/sli.api.testresults.TestResult"},"schema":{"originalRef":"#/definitions/sli.api.testresults.TestResult","$ref":"#/definitions/sli.api.testresults.TestResult"}}}},"post":{"tags":["SLI-API"],"description":"creates sli.api.testresults.TestResult","parameters":[{"name":"test-identifier","in":"path","description":"Id of test-result","required":true,"type":"string"},{"in":"body","name":"sli.api.testresults.TestResult.body-param","description":"sli.api.testresults.TestResult to be added to list","required":false,"schema":{"originalRef":"#/definitions/sli.api.testresults.TestResult","$ref":"#/definitions/sli.api.testresults.TestResult"}}],"responses":{"400":{"description":"Internal error"},"201":{"description":"Object created"},"409":{"description":"Object already exists"}}},"put":{"tags":["SLI-API"],"description":"creates or updates sli.api.testresults.TestResult","parameters":[{"name":"test-identifier","in":"path","description":"Id of test-result","required":true,"type":"string"},{"in":"body","name":"sli.api.testresults.TestResult.body-param","description":"sli.api.testresults.TestResult to be added or updated","required":false,"schema":{"originalRef":"#/definitions/sli.api.testresults.TestResult","$ref":"#/definitions/sli.api.testresults.TestResult"}}],"responses":{"400":{"description":"Internal error"},"201":{"description":"Object created"},"204":{"description":"Object modified"}}},"delete":{"tags":["SLI-API"],"description":"removes sli.api.testresults.TestResult","parameters":[{"name":"test-identifier","in":"path","description":"Id of test-result","required":true,"type":"string"}],"responses":{"400":{"description":"Internal error"},"204":{"description":"Object deleted"}}}},"/operational/SLI-API:test-results/":{"get":{"tags":["SLI-API"],"description":"returns sli.api.TestResults","parameters":[],"responses":{"400":{"description":"Internal error"},"200":{"description":"sli.api.TestResults","responseSchema":{"originalRef":"#/definitions/sli.api.TestResults","$ref":"#/definitions/sli.api.TestResults"},"schema":{"originalRef":"#/definitions/sli.api.TestResults","$ref":"#/definitions/sli.api.TestResults"}}}}},"/operational/SLI-API:test-results/SLI-API:test-result/{test-identifier}/":{"get":{"tags":["SLI-API"],"description":"returns sli.api.testresults.TestResult","parameters":[{"name":"test-identifier","in":"path","description":"Id of test-result","required":true,"type":"string"}],"responses":{"400":{"description":"Internal error"},"200":{"description":"sli.api.testresults.TestResult","responseSchema":{"originalRef":"#/definitions/sli.api.testresults.TestResult","$ref":"#/definitions/sli.api.testresults.TestResult"},"schema":{"originalRef":"#/definitions/sli.api.testresults.TestResult","$ref":"#/definitions/sli.api.testresults.TestResult"}}}}},"/operations/SLI-API:execute-graph/":{"post":{"tags":["SLI-API"],"parameters":[{"in":"body","name":"sli.api.executegraph.Input.body-param","required":false,"schema":{"properties":{"input":{"originalRef":"#/definitions/sli.api.executegraph.Input","$ref":"#/definitions/sli.api.executegraph.Input"}}}}],"responses":{"400":{"description":"Internal error"},"200":{"description":"Correct response","responseSchema":{"originalRef":"#/definitions/sli.api.ExecuteGraph","$ref":"#/definitions/sli.api.ExecuteGraph"},"schema":{"originalRef":"#/definitions/sli.api.ExecuteGraph","$ref":"#/definitions/sli.api.ExecuteGraph"}},"201":{"description":"No response"}}}},"/operations/SLI-API:healthcheck/":{"post":{"tags":["SLI-API"],"parameters":[],"responses":{"400":{"description":"Internal error"},"200":{"description":"Correct response","responseSchema":{"originalRef":"#/definitions/sli.api.Healthcheck","$ref":"#/definitions/sli.api.Healthcheck"},"schema":{"originalRef":"#/definitions/sli.api.Healthcheck","$ref":"#/definitions/sli.api.Healthcheck"}},"201":{"description":"No response"}}}},"/operations/SLI-API:vlbcheck/":{"post":{"tags":["SLI-API"],"parameters":[],"responses":{"400":{"description":"Internal error"},"200":{"description":"Correct response","responseSchema":{"originalRef":"#/definitions/sli.api.Vlbcheck","$ref":"#/definitions/sli.api.Vlbcheck"},"schema":{"originalRef":"#/definitions/sli.api.Vlbcheck","$ref":"#/definitions/sli.api.Vlbcheck"}},"201":{"description":"No response"}}}}},"definitions":{"sli.api.ExecuteGraph":{"type":"object","properties":{"output":{"originalRef":"#/definitions/sli.api.ResponseFields","$ref":"#/definitions/sli.api.ResponseFields"}}},"sli.api.Healthcheck":{"type":"object","properties":{"output":{"originalRef":"#/definitions/sli.api.ResponseFields","$ref":"#/definitions/sli.api.ResponseFields"}}},"sli.api.ModeEnumeration":{"type":"string","enum":["sync","async"]},"sli.api.ParameterSetting":{"type":"object","properties":{"string-value":{"type":"string"},"boolean-value":{"type":"boolean"},"parameter-name":{"type":"string","description":"Parameter name"},"int-value":{"type":"integer","format":"int32"}}},"sli.api.ResponseFields":{"type":"object","properties":{"response-code":{"type":"string"},"response-message":{"type":"string"},"context-memory-json":{"type":"string"},"ack-final-indicator":{"type":"string"}}},"sli.api.TestResults":{"type":"object","properties":{"test-result":{"type":"array","items":{"originalRef":"#/definitions/sli.api.testresults.TestResult","$ref":"#/definitions/sli.api.testresults.TestResult"}}}},"sli.api.Vlbcheck":{"type":"object","properties":{"output":{"originalRef":"#/definitions/sli.api.ResponseFields","$ref":"#/definitions/sli.api.ResponseFields"}}},"sli.api.executegraph.Input":{"type":"object","properties":{"mode":{"originalRef":"#/definitions/sli.api.ModeEnumeration","$ref":"#/definitions/sli.api.ModeEnumeration"},"module-name":{"type":"string"},"sli-parameter":{"type":"array","items":{"originalRef":"#/definitions/sli.api.ParameterSetting","$ref":"#/definitions/sli.api.ParameterSetting"}},"rpc-name":{"type":"string"}}},"sli.api.testresults.TestResult":{"type":"object","properties":{"results":{"type":"array","items":{"type":"string"}},"test-identifier":{"type":"string"}}}}}
\ No newline at end of file diff --git a/core/sliapi/model/swagger/src/main/yaml/sliapi.yaml b/core/sliapi/model/swagger/src/main/yaml/sliapi.yaml index 22fee129f..73003f62b 100644 --- a/core/sliapi/model/swagger/src/main/yaml/sliapi.yaml +++ b/core/sliapi/model/swagger/src/main/yaml/sliapi.yaml @@ -38,10 +38,10 @@ paths: description: "Internal error" 200: description: "sli.api.TestResults" - schema: + responseSchema: originalRef: "#/definitions/sli.api.TestResults" $ref: "#/definitions/sli.api.TestResults" - responseSchema: + schema: originalRef: "#/definitions/sli.api.TestResults" $ref: "#/definitions/sli.api.TestResults" post: @@ -126,10 +126,10 @@ paths: description: "Internal error" 200: description: "sli.api.testresults.TestResult" - schema: + responseSchema: originalRef: "#/definitions/sli.api.testresults.TestResult" $ref: "#/definitions/sli.api.testresults.TestResult" - responseSchema: + schema: originalRef: "#/definitions/sli.api.testresults.TestResult" $ref: "#/definitions/sli.api.testresults.TestResult" post: @@ -206,10 +206,10 @@ paths: description: "Internal error" 200: description: "sli.api.TestResults" - schema: + responseSchema: originalRef: "#/definitions/sli.api.TestResults" $ref: "#/definitions/sli.api.TestResults" - responseSchema: + schema: originalRef: "#/definitions/sli.api.TestResults" $ref: "#/definitions/sli.api.TestResults" /operational/SLI-API:test-results/SLI-API:test-result/{test-identifier}/: @@ -228,10 +228,10 @@ paths: description: "Internal error" 200: description: "sli.api.testresults.TestResult" - schema: + responseSchema: originalRef: "#/definitions/sli.api.testresults.TestResult" $ref: "#/definitions/sli.api.testresults.TestResult" - responseSchema: + schema: originalRef: "#/definitions/sli.api.testresults.TestResult" $ref: "#/definitions/sli.api.testresults.TestResult" /operations/SLI-API:execute-graph/: @@ -252,10 +252,10 @@ paths: description: "Internal error" 200: description: "Correct response" - schema: + responseSchema: originalRef: "#/definitions/sli.api.ExecuteGraph" $ref: "#/definitions/sli.api.ExecuteGraph" - responseSchema: + schema: originalRef: "#/definitions/sli.api.ExecuteGraph" $ref: "#/definitions/sli.api.ExecuteGraph" 201: @@ -270,10 +270,10 @@ paths: description: "Internal error" 200: description: "Correct response" - schema: + responseSchema: originalRef: "#/definitions/sli.api.Healthcheck" $ref: "#/definitions/sli.api.Healthcheck" - responseSchema: + schema: originalRef: "#/definitions/sli.api.Healthcheck" $ref: "#/definitions/sli.api.Healthcheck" 201: @@ -288,10 +288,10 @@ paths: description: "Internal error" 200: description: "Correct response" - schema: + responseSchema: originalRef: "#/definitions/sli.api.Vlbcheck" $ref: "#/definitions/sli.api.Vlbcheck" - responseSchema: + schema: originalRef: "#/definitions/sli.api.Vlbcheck" $ref: "#/definitions/sli.api.Vlbcheck" 201: diff --git a/plugins/restconf-client/provider/src/main/java/org/onap/ccsdk/sli/plugins/yangserializers/dfserializer/DfSerializerUtil.java b/plugins/restconf-client/provider/src/main/java/org/onap/ccsdk/sli/plugins/yangserializers/dfserializer/DfSerializerUtil.java index 14824f51e..0134a5a47 100644 --- a/plugins/restconf-client/provider/src/main/java/org/onap/ccsdk/sli/plugins/yangserializers/dfserializer/DfSerializerUtil.java +++ b/plugins/restconf-client/provider/src/main/java/org/onap/ccsdk/sli/plugins/yangserializers/dfserializer/DfSerializerUtil.java @@ -31,6 +31,8 @@ import java.io.Writer; import java.net.URI; import java.net.URISyntaxException; import java.util.Iterator; + +import javax.xml.XMLConstants; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; @@ -123,8 +125,11 @@ public final class DfSerializerUtil { public static Writer getXmlWriter(String input, String indent) throws SvcLogicException { try { - Transformer transformer = TransformerFactory.newInstance() - .newTransformer(); + TransformerFactory factory = javax.xml.transform.TransformerFactory.newInstance(); + // Remediate XML external entity vulnerabilty - prohibit the use of all protocols by external entities: + factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); + factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); + Transformer transformer = factory.newTransformer(); transformer.setOutputProperty(INDENT, YES); transformer.setOutputProperty(INDENT_XMLNS, indent); StreamResult result = new StreamResult(new StringWriter()); @@ -146,9 +151,12 @@ public final class DfSerializerUtil { */ private static Document parseXml(String in) throws SvcLogicException { DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); - DocumentBuilder db; + try { - db = dbf.newDocumentBuilder(); + // To remediate XML external entity vulnerability, completely disable external entities declarations: + dbf.setFeature("http://xml.org/sax/features/external-general-entities", false); + dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false); + DocumentBuilder db = dbf.newDocumentBuilder(); InputSource is = new InputSource(new StringReader(in)); return db.parse(is); } catch (SAXException | IOException | ParserConfigurationException e) { |