summaryrefslogtreecommitdiffstats
path: root/mdsal-resource/provider/src/main/java
diff options
context:
space:
mode:
Diffstat (limited to 'mdsal-resource/provider/src/main/java')
-rw-r--r--mdsal-resource/provider/src/main/java/org/onap/ccsdk/sli/adaptors/resource/mdsal/RestService.java5
1 files changed, 4 insertions, 1 deletions
diff --git a/mdsal-resource/provider/src/main/java/org/onap/ccsdk/sli/adaptors/resource/mdsal/RestService.java b/mdsal-resource/provider/src/main/java/org/onap/ccsdk/sli/adaptors/resource/mdsal/RestService.java
index 2991e6bef..30859a492 100644
--- a/mdsal-resource/provider/src/main/java/org/onap/ccsdk/sli/adaptors/resource/mdsal/RestService.java
+++ b/mdsal-resource/provider/src/main/java/org/onap/ccsdk/sli/adaptors/resource/mdsal/RestService.java
@@ -34,6 +34,7 @@ import java.net.URL;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
+import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -180,9 +181,11 @@ public class RestService {
LOG.info("Response body :\n"+respString);
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
DocumentBuilder db = dbf.newDocumentBuilder();
-
response = db.parse(new ByteArrayInputStream(respString.getBytes()));
} catch (Exception e) {