Apply defect and Fortify fixes to config bundle code

Apply defect and Fortify fixes to config bundle code

Change-Id: I30ec12950c8e2ddcee8a643a9b74a06486c7d6bf
Issue-ID: APPC-1787
Signed-off-by: Keighron, Lori (lk2924) <lk2924@att.com>

1 files changed, 5 insertions, 0 deletions

diff --git a/appc-config/appc-config-audit/provider/src/main/java/org/onap/sdnc/config/audit/node/CompareXmlData.java b/appc-config/appc-config-audit/provider/src/main/java/org/onap/sdnc/config/audit/node/CompareXmlData.java
index e5e2b757f..9f1e4c97e 100644
--- a/appc-config/appc-config-audit/provider/src/main/java/org/onap/sdnc/config/audit/node/CompareXmlData.java
+++ b/appc-config/appc-config-audit/provider/src/main/java/org/onap/sdnc/config/audit/node/CompareXmlData.java
@@ -29,6 +29,7 @@ package org.onap.sdnc.config.audit.node;
 import java.io.IOException;
 import java.io.StringReader;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
@@ -121,6 +122,10 @@ public class CompareXmlData implements CompareDataInterface
     public Document getCompareDoc(String inXml) throws ParserConfigurationException, SAXException, IOException
     {
         DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
+        dbFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+        dbFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+        dbFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+
         DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
         StringReader reader = new StringReader(inXml);
         InputSource inputSource = new InputSource(reader);