From e4156ab1214268e88716d6153cd7216ef918d1eb Mon Sep 17 00:00:00 2001
From: wr148d
Date: Tue, 20 Jul 2021 13:00:28 -0400
Subject: Fix CRITICAL xxe (XML External Entity) issues identified in sonarcloud
Issue-ID: AAI-3347
Change-Id: I5b187fea722eb2749dfb5336c3b5ae24fa7df336
Signed-off-by: wr148d
---
 .../main/java/org/onap/aai/schemagen/genxsd/OxmFileProcessor.java | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'aai-schema-gen/src/main/java/org')
diff --git a/aai-schema-gen/src/main/java/org/onap/aai/schemagen/genxsd/OxmFileProcessor.java b/aai-schema-gen/src/main/java/org/onap/aai/schemagen/genxsd/OxmFileProcessor.java
index 39eb9d9..d9c544d 100644
--- a/aai-schema-gen/src/main/java/org/onap/aai/schemagen/genxsd/OxmFileProcessor.java
+++ b/aai-schema-gen/src/main/java/org/onap/aai/schemagen/genxsd/OxmFileProcessor.java
@@ -221,6 +221,11 @@ public abstract class OxmFileProcessor {
 try {
 DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
 dbFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ dbFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ dbFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ dbFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+ dbFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ dbFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
 dBuilder = dbFactory.newDocumentBuilder();
 } catch (ParserConfigurationException e) {
 throw e;
-- cgit 1.2.3-korg
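Review bot: The two added `setAttribute` calls for `XMLConstants.ACCESS_EXTERNAL_DTD` and `XMLConstants.ACCESS_EXTERNAL_SCHEMA` throw `IllegalArgumentException` when the factory implementation does not recognise the JAXP 1.5 properties, and the visible `catch (ParserConfigurationException e)` does not cover that. If `DocumentBuilderFactory.newInstance()` resolves to an older standalone parser on the classpath (not visible here), the hardening would surface as an unchecked exception instead of a configuration error. Since `disallow-doctype-decl` already rejects any DOCTYPE, I would wrap those two calls in their own `try`/`catch (IllegalArgumentException e)` that logs and continues, or add a comment stating that a JAXP 1.5 capable parser is required. To complete the XXE hardening, also add `dbFactory.setXIncludeAware(false);` and `dbFactory.setExpandEntityReferences(false);` before `newDocumentBuilder()`. The enclosing method starts and ends outside the hunk, so how callers handle a runtime exception from this block cannot be confirmed from here.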