authorJonathan Platt <jonathan.platt@att.com>2021-07-13 13:54:35 -0400
committerJonathan Platt <jonathan.platt@att.com>2021-07-13 13:54:35 -0400
commit87bd7fe2daaa236dea20b4eba7b347175b0e5799 (patch)
tree152aa7329982223f046f5ddb3a0db0c741434259
parent4e4988af6aa561d4950711322941cab8c2d2c895 (diff)
Fix XML external entity vulnerability (CCSDK-3322)
Disabled XML external entity references to resolve XML external entity vulnerability in 'VNFOperationalStateValidatorImpl.java' Issue-ID: CCSDK-3322 Signed-off-by: Jonathan Platt <jonathan.platt@att.com> Change-Id: I88dc0a0ef8e9a587e8f9b3be15ef55e70c687b6e
-rw-r--r--adaptors/netconf-adaptor/netconf-adaptor-bundle/src/main/java/org/onap/ccsdk/sli/adaptors/netconf/VNFOperationalStateValidatorImpl.java2
1 files changed, 2 insertions, 0 deletions
diff --git a/adaptors/netconf-adaptor/netconf-adaptor-bundle/src/main/java/org/onap/ccsdk/sli/adaptors/netconf/VNFOperationalStateValidatorImpl.java b/adaptors/netconf-adaptor/netconf-adaptor-bundle/src/main/java/org/onap/ccsdk/sli/adaptors/netconf/VNFOperationalStateValidatorImpl.java
index 3a6b1428a..44d7bdbd2 100644
--- a/adaptors/netconf-adaptor/netconf-adaptor-bundle/src/main/java/org/onap/ccsdk/sli/adaptors/netconf/VNFOperationalStateValidatorImpl.java
+++ b/adaptors/netconf-adaptor/netconf-adaptor-bundle/src/main/java/org/onap/ccsdk/sli/adaptors/netconf/VNFOperationalStateValidatorImpl.java
@@ -85,6 +85,8 @@ public class VNFOperationalStateValidatorImpl implements OperationalStateValidat
List<Map.Entry> entryList = null;
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ // Remediate XML external entity vulnerabilty - prohibit the use of all protocols by external entities:
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
DocumentBuilder builder = factory.newDocumentBuilder();
Document document = builder.parse(new ByteArrayInputStream(xmlText.getBytes(StandardCharsets.UTF_8)));
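Review bot: The comment added above `factory.setFeature(...)` does not describe what the line does: `disallow-doctype-decl` makes the parser reject any document that contains a DOCTYPE declaration, it does not restrict protocols (that would be `XMLConstants.ACCESS_EXTERNAL_DTD` / `ACCESS_EXTERNAL_SCHEMA`), and "vulnerabilty" is misspelled. I would reword it to `// Prevent XXE: reject any document that declares a DOCTYPE, so no DTD or external entity is ever processed.` The feature URI is specific to Xerces-derived parsers, so `setFeature` throws `ParserConfigurationException` on an implementation that does not recognise it; that fails closed, which is the right outcome, but the enclosing method and its exception handling lie outside this hunk and should be checked so the error is reported as a parser configuration problem rather than as an ordinary validation failure. As defence in depth, `factory.setXIncludeAware(false);` and `factory.setExpandEntityReferences(false);` could follow the new line.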