diff options
author | Dan Timoney <dtimoney@att.com> | 2020-10-19 15:35:27 -0400 |
---|---|---|
committer | Dan Timoney <dtimoney@att.com> | 2020-10-19 15:35:27 -0400 |
commit | 1668af4b170153f07a103e5dfc23c0437629d13e (patch) | |
tree | ab068df0116274867fb20153ee2638d09c2ae877 /properties-node/provider | |
parent | c37395832b700f66f5087c59c2b0e73a4c34922a (diff) |
Disable external entities reference
Disable external entities reference in properties node XML parser
to avoid XXE vulnerability.
Change-Id: I5136dc7edb575d944dfe9fbab334629ec18c5d47
Issue-ID: CCSDK-2918
Signed-off-by: Dan Timoney <dtimoney@att.com>
Diffstat (limited to 'properties-node/provider')
-rw-r--r-- | properties-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/prop/XmlParser.java | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/properties-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/prop/XmlParser.java b/properties-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/prop/XmlParser.java index 68b2f74e..f48a21e9 100644 --- a/properties-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/prop/XmlParser.java +++ b/properties-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/prop/XmlParser.java @@ -28,6 +28,7 @@ import org.xml.sax.Attributes; import org.xml.sax.SAXException; import org.xml.sax.helpers.DefaultHandler; +import javax.xml.XMLConstants; import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.SAXParser; import javax.xml.parsers.SAXParserFactory; @@ -57,6 +58,10 @@ public final class XmlParser { Handler handler = new Handler(listNameList); try { SAXParserFactory factory = SAXParserFactory.newInstance(); + + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + factory.setFeature("http://xml.org/sax/features/external-general-entities", false); + factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false); SAXParser saxParser = factory.newSAXParser(); InputStream in = new ByteArrayInputStream(s.getBytes()); saxParser.parse(in, handler); |