diff options
author | Determe, Sebastien (sd378r) <sd378r@intl.att.com> | 2017-10-30 18:49:26 +0100 |
---|---|---|
committer | Determe, Sebastien (sd378r) <sd378r@intl.att.com> | 2017-10-30 19:00:08 +0100 |
commit | 2e5ec6aaac811c9a0efd8f80eef39fd91a1ac9ea (patch) | |
tree | 7c4a36c80cc282ca222cd728c41ed6669a368c4e | |
parent | 97eb9b662211d5002ce7553dff6bbba4e240f876 (diff) |
More secure XSLT
Add security to XSLT class as reported by Fortify
Change-Id: I90af6ad54aaf45a3d743638466f29492ca04841b
Issue-ID: CLAMP-54
Signed-off-by: Determe, Sebastien (sd378r) <sd378r@intl.att.com>
-rw-r--r-- | src/main/java/org/onap/clamp/clds/transform/XslTransformer.java | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/main/java/org/onap/clamp/clds/transform/XslTransformer.java b/src/main/java/org/onap/clamp/clds/transform/XslTransformer.java index 684bae3f..59cc56a4 100644 --- a/src/main/java/org/onap/clamp/clds/transform/XslTransformer.java +++ b/src/main/java/org/onap/clamp/clds/transform/XslTransformer.java @@ -26,6 +26,7 @@ package org.onap.clamp.clds.transform; import java.io.StringReader; import java.io.StringWriter; +import javax.xml.XMLConstants; import javax.xml.transform.Templates; import javax.xml.transform.Transformer; import javax.xml.transform.TransformerConfigurationException; @@ -45,6 +46,7 @@ public class XslTransformer { public void setXslResourceName(String xslResourceName) throws TransformerConfigurationException { TransformerFactory tfactory = TransformerFactory.newInstance(); + tfactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); templates = tfactory.newTemplates(new StreamSource(ResourceFileUtil.getResourceAsStream(xslResourceName))); } |