Apply defect and Fortify fixes to config bundle code

Apply defect and Fortify fixes to config bundle code

Change-Id: I30ec12950c8e2ddcee8a643a9b74a06486c7d6bf
Issue-ID: APPC-1787
Signed-off-by: Keighron, Lori (lk2924) <lk2924@att.com>

1 files changed, 6 insertions, 0 deletions

diff --git a/appc-config/appc-config-generator/provider/src/main/java/org/onap/sdnc/config/generator/tool/CheckDataTool.java b/appc-config/appc-config-generator/provider/src/main/java/org/onap/sdnc/config/generator/tool/CheckDataTool.java
index 17d3447c8..38089ec81 100644
--- a/appc-config/appc-config-generator/provider/src/main/java/org/onap/sdnc/config/generator/tool/CheckDataTool.java
+++ b/appc-config/appc-config-generator/provider/src/main/java/org/onap/sdnc/config/generator/tool/CheckDataTool.java
@@ -26,6 +26,8 @@ package org.onap.sdnc.config.generator.tool;
 import com.att.eelf.configuration.EELFLogger;
 import com.att.eelf.configuration.EELFManager;
 import java.io.StringReader;
+
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import org.codehaus.jettison.json.JSONArray;
@@ -73,6 +75,10 @@ public class CheckDataTool {
     public static boolean isXML(String data) {
         try {
             DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
+            dbFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+            dbFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+            dbFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+
             DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
             dBuilder.parse(new InputSource(new StringReader(data)));
             return true;