From d6801d69b3d29ce0aa99d3214f7cf4bfd02fb706 Mon Sep 17 00:00:00 2001 From: "Keighron, Lori (lk2924)" Date: Tue, 19 Nov 2019 15:12:06 -0500 Subject: Apply defect and Fortify fixes to config bundle code Apply defect and Fortify fixes to config bundle code Change-Id: I30ec12950c8e2ddcee8a643a9b74a06486c7d6bf Issue-ID: APPC-1787 Signed-off-by: Keighron, Lori (lk2924) --- .../main/java/org/onap/sdnc/config/audit/node/CompareXmlData.java | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'appc-config/appc-config-audit/provider') diff --git a/appc-config/appc-config-audit/provider/src/main/java/org/onap/sdnc/config/audit/node/CompareXmlData.java b/appc-config/appc-config-audit/provider/src/main/java/org/onap/sdnc/config/audit/node/CompareXmlData.java index e5e2b757f..9f1e4c97e 100644 --- a/appc-config/appc-config-audit/provider/src/main/java/org/onap/sdnc/config/audit/node/CompareXmlData.java +++ b/appc-config/appc-config-audit/provider/src/main/java/org/onap/sdnc/config/audit/node/CompareXmlData.java @@ -29,6 +29,7 @@ package org.onap.sdnc.config.audit.node; import java.io.IOException; import java.io.StringReader; +import javax.xml.XMLConstants; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; @@ -121,6 +122,10 @@ public class CompareXmlData implements CompareDataInterface public Document getCompareDoc(String inXml) throws ParserConfigurationException, SAXException, IOException { DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance(); + dbFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + dbFactory.setFeature("http://xml.org/sax/features/external-general-entities", false); + dbFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false); + DocumentBuilder dBuilder = dbFactory.newDocumentBuilder(); StringReader reader = new StringReader(inXml); InputSource inputSource = new InputSource(reader); -- cgit 1.2.3-korg