Fix CRITICAL xxe (XML External Entity) issues identified in sonarcloud

Issue-ID: AAI-3347 Change-Id: I5b187fea722eb2749dfb5336c3b5ae24fa7df336 Signed-off-by: wr148d <wr148d@att.com>
author: wr148d <wr148d@att.com> 2021-07-20 13:00:28 -0400
committer: wr148d <wr148d@att.com> 2021-07-20 13:55:15 -0400
commit: e4156ab1214268e88716d6153cd7216ef918d1eb (patch)
tree: 335ad48233fb6bdd1988f8eba456b199e4e5392c /aai-schema-gen
parent: 07c0703e31269b679537d520dcd3bad5c4c4f18f (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/aai-schema-gen/src/main/java/org/onap/aai/schemagen/genxsd/OxmFileProcessor.java b/aai-schema-gen/src/main/java/org/onap/aai/schemagen/genxsd/OxmFileProcessor.java
index 39eb9d9..d9c544d 100644
--- a/aai-schema-gen/src/main/java/org/onap/aai/schemagen/genxsd/OxmFileProcessor.java
+++ b/aai-schema-gen/src/main/java/org/onap/aai/schemagen/genxsd/OxmFileProcessor.java
@@ -221,6 +221,11 @@ public abstract class OxmFileProcessor {
         try {
             DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
             dbFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+            dbFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+            dbFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+            dbFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+            dbFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+            dbFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
             dBuilder = dbFactory.newDocumentBuilder();
         } catch (ParserConfigurationException e) {
             throw e;
author	wr148d <wr148d@att.com>	2021-07-20 13:00:28 -0400
committer	wr148d <wr148d@att.com>	2021-07-20 13:55:15 -0400
commit	e4156ab1214268e88716d6153cd7216ef918d1eb (patch)
tree	335ad48233fb6bdd1988f8eba456b199e4e5392c /aai-schema-gen
parent	07c0703e31269b679537d520dcd3bad5c4c4f18f (diff)