summaryrefslogtreecommitdiffstats
path: root/aai-schema-service/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'aai-schema-service/src/main')
-rw-r--r--aai-schema-service/src/main/java/org/onap/aai/schemaservice/nodeschema/NodeIngestor.java10
-rw-r--r--aai-schema-service/src/main/java/org/onap/aai/schemaservice/nodeschema/validation/DefaultDuplicateNodeDefinitionValidationModule.java5
2 files changed, 15 insertions, 0 deletions
diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/nodeschema/NodeIngestor.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/nodeschema/NodeIngestor.java
index 16136d5..2c32985 100644
--- a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/nodeschema/NodeIngestor.java
+++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/nodeschema/NodeIngestor.java
@@ -113,6 +113,11 @@ public class NodeIngestor {
Set<String> types = new HashSet<>();
final DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
docFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ docFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ docFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ docFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+ docFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ docFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
final DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
ArrayList<Node> javaTypes = new ArrayList<>();
@@ -136,6 +141,11 @@ public class NodeIngestor {
private Document createCombinedSchema(List<String> files, SchemaVersion v) throws ParserConfigurationException, SAXException, IOException {
final DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
docFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ docFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ docFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ docFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+ docFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ docFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
final DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
DocumentBuilder masterDocBuilder = docFactory.newDocumentBuilder();
Document combinedDoc = masterDocBuilder.parse(getShell(v));
diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/nodeschema/validation/DefaultDuplicateNodeDefinitionValidationModule.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/nodeschema/validation/DefaultDuplicateNodeDefinitionValidationModule.java
index 915a54d..ac3a450 100644
--- a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/nodeschema/validation/DefaultDuplicateNodeDefinitionValidationModule.java
+++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/nodeschema/validation/DefaultDuplicateNodeDefinitionValidationModule.java
@@ -54,6 +54,11 @@ public class DefaultDuplicateNodeDefinitionValidationModule implements Duplicate
try {
final DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
docFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ docFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ docFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ docFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+ docFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ docFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
final DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
Multimap<String, String> types = ArrayListMultimap.create();