From 35e3de3f0d5b2b02fc6ef92ec577fe6b7cd05e3c Mon Sep 17 00:00:00 2001
From: wr148d
Date: Tue, 20 Jul 2021 12:30:30 -0400
Subject: fix CRITICAL xxe (XML External Entity) issues identified in sonarcloud

Issue-ID: AAI-3346
Signed-off-by: wr148d
Change-Id: I76532cc11f348f9c267f5cd87e061b139ce4e7e0
---
 src/main/java/org/onap/aai/modelloader/entity/model/ModelArtifact.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/main/java/org/onap/aai/modelloader/entity/model/ModelArtifact.java b/src/main/java/org/onap/aai/modelloader/entity/model/ModelArtifact.java
index 7c9b4c2..73709f6 100644
--- a/src/main/java/org/onap/aai/modelloader/entity/model/ModelArtifact.java
+++ b/src/main/java/org/onap/aai/modelloader/entity/model/ModelArtifact.java
@@ -287,6 +287,7 @@ public class ModelArtifact extends AbstractModelArtifact {
 StringWriter sw = new StringWriter();
 TransformerFactory transFact = TransformerFactory.newInstance();
 transFact.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ transFact.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
 Transformer t = transFact.newTransformer();
 t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
 t.transform(new DOMSource(node), new StreamResult(sw));
--
cgit 1.2.3-korg
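Review bot: The two access restrictions on `transFact` only limit what the transformer itself may fetch, but the input to `t.transform(...)` is `new DOMSource(node)`, a tree that has already been parsed. Any external entity or DTD in the model XML would have been resolved by whichever parser built `node`, which is outside this hunk, so the Sonar finding may be cleared here while the XXE exposure remains at the parse step. It is worth confirming that the parser (presumably a `DocumentBuilderFactory`) rejects DOCTYPE declarations and external entities. Within this hunk, `setAttribute` throws `IllegalArgumentException` when the implementation chosen by `TransformerFactory.newInstance()` does not recognise these JAXP 1.5 properties, so consider adding `transFact.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` and deciding whether an unsupported attribute should fail or be logged. The enclosing method starts and ends outside the hunk.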