aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDeterme, Sebastien (sd378r) <sd378r@intl.att.com>2017-10-30 18:49:26 +0100
committerDeterme, Sebastien (sd378r) <sd378r@intl.att.com>2017-10-30 19:00:08 +0100
commit2e5ec6aaac811c9a0efd8f80eef39fd91a1ac9ea (patch)
tree7c4a36c80cc282ca222cd728c41ed6669a368c4e
parent97eb9b662211d5002ce7553dff6bbba4e240f876 (diff)
More secure XSLT
Add security to XSLT class as reported by Fortify Change-Id: I90af6ad54aaf45a3d743638466f29492ca04841b Issue-ID: CLAMP-54 Signed-off-by: Determe, Sebastien (sd378r) <sd378r@intl.att.com>
-rw-r--r--src/main/java/org/onap/clamp/clds/transform/XslTransformer.java2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/main/java/org/onap/clamp/clds/transform/XslTransformer.java b/src/main/java/org/onap/clamp/clds/transform/XslTransformer.java
index 684bae3f..59cc56a4 100644
--- a/src/main/java/org/onap/clamp/clds/transform/XslTransformer.java
+++ b/src/main/java/org/onap/clamp/clds/transform/XslTransformer.java
@@ -26,6 +26,7 @@ package org.onap.clamp.clds.transform;
import java.io.StringReader;
import java.io.StringWriter;
+import javax.xml.XMLConstants;
import javax.xml.transform.Templates;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
@@ -45,6 +46,7 @@ public class XslTransformer {
public void setXslResourceName(String xslResourceName) throws TransformerConfigurationException {
TransformerFactory tfactory = TransformerFactory.newInstance();
+ tfactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
templates = tfactory.newTemplates(new StreamSource(ResourceFileUtil.getResourceAsStream(xslResourceName)));
}