aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--aai-schema-gen/src/main/java/org/onap/aai/schemagen/genxsd/OxmFileProcessor.java5
-rw-r--r--aai-schema-service/src/main/java/org/onap/aai/schemaservice/nodeschema/NodeIngestor.java10
-rw-r--r--aai-schema-service/src/main/java/org/onap/aai/schemaservice/nodeschema/validation/DefaultDuplicateNodeDefinitionValidationModule.java5
3 files changed, 20 insertions, 0 deletions
diff --git a/aai-schema-gen/src/main/java/org/onap/aai/schemagen/genxsd/OxmFileProcessor.java b/aai-schema-gen/src/main/java/org/onap/aai/schemagen/genxsd/OxmFileProcessor.java
index 39eb9d9..d9c544d 100644
--- a/aai-schema-gen/src/main/java/org/onap/aai/schemagen/genxsd/OxmFileProcessor.java
+++ b/aai-schema-gen/src/main/java/org/onap/aai/schemagen/genxsd/OxmFileProcessor.java
@@ -221,6 +221,11 @@ public abstract class OxmFileProcessor {
try {
DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
dbFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ dbFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ dbFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ dbFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+ dbFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ dbFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
dBuilder = dbFactory.newDocumentBuilder();
} catch (ParserConfigurationException e) {
throw e;
diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/nodeschema/NodeIngestor.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/nodeschema/NodeIngestor.java
index 16136d5..2c32985 100644
--- a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/nodeschema/NodeIngestor.java
+++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/nodeschema/NodeIngestor.java
@@ -113,6 +113,11 @@ public class NodeIngestor {
Set<String> types = new HashSet<>();
final DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
docFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ docFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ docFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ docFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+ docFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ docFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
final DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
ArrayList<Node> javaTypes = new ArrayList<>();
@@ -136,6 +141,11 @@ public class NodeIngestor {
private Document createCombinedSchema(List<String> files, SchemaVersion v) throws ParserConfigurationException, SAXException, IOException {
final DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
docFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ docFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ docFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ docFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+ docFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ docFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
final DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
DocumentBuilder masterDocBuilder = docFactory.newDocumentBuilder();
Document combinedDoc = masterDocBuilder.parse(getShell(v));
diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/nodeschema/validation/DefaultDuplicateNodeDefinitionValidationModule.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/nodeschema/validation/DefaultDuplicateNodeDefinitionValidationModule.java
index 915a54d..ac3a450 100644
--- a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/nodeschema/validation/DefaultDuplicateNodeDefinitionValidationModule.java
+++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/nodeschema/validation/DefaultDuplicateNodeDefinitionValidationModule.java
@@ -54,6 +54,11 @@ public class DefaultDuplicateNodeDefinitionValidationModule implements Duplicate
try {
final DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
docFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ docFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ docFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ docFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+ docFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ docFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
final DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
Multimap<String, String> types = ArrayListMultimap.create();