summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authormpriyank <priyank.maheshwari@est.tech>2023-01-05 17:16:39 +0000
committermpriyank <priyank.maheshwari@est.tech>2023-01-05 17:16:43 +0000
commitd3e791d2c4a677784c7a183dfdf9b87ef297ef7f (patch)
tree99921888f390534dbc0554bee5610ce05055c3da
parent850c4b8853029677d2161f529653b8c794339744 (diff)
Test XEE in SonarQube
- test by removing the attributes for transformerfactory to check if sonarqube gives the vulnerability or not Issue-ID: CPS-1435 Change-Id: I087796b1bbc465655fd741f678a9b2b417d174dd Signed-off-by: mpriyank <priyank.maheshwari@est.tech>
-rw-r--r--cps-service/src/main/java/org/onap/cps/utils/XmlFileUtils.java17
1 files changed, 7 insertions, 10 deletions
diff --git a/cps-service/src/main/java/org/onap/cps/utils/XmlFileUtils.java b/cps-service/src/main/java/org/onap/cps/utils/XmlFileUtils.java
index 10949e7c8f..096487f45f 100644
--- a/cps-service/src/main/java/org/onap/cps/utils/XmlFileUtils.java
+++ b/cps-service/src/main/java/org/onap/cps/utils/XmlFileUtils.java
@@ -49,8 +49,9 @@ import org.xml.sax.SAXException;
@NoArgsConstructor(access = AccessLevel.PRIVATE)
public class XmlFileUtils {
+ private static final DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
+ private static boolean isNewDocumentBuilderFactoryInstance = true;
private static final TransformerFactory transformerFactory = TransformerFactory.newInstance();
- private static boolean isNewTransformerFactoryInstance = true;
private static final Pattern XPATH_PROPERTY_REGEX =
Pattern.compile("\\[@(\\S{1,100})=['\\\"](\\S{1,100})['\\\"]\\]");
@@ -161,20 +162,16 @@ public class XmlFileUtils {
private static DocumentBuilderFactory getDocumentBuilderFactory() {
- final DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
- documentBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
- documentBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
+ if (isNewDocumentBuilderFactoryInstance) {
+ documentBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ documentBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
+ isNewDocumentBuilderFactoryInstance = false;
+ }
return documentBuilderFactory;
}
private static TransformerFactory getTransformerFactory() {
- if (isNewTransformerFactoryInstance) {
- transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
- transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
- isNewTransformerFactoryInstance = false;
- }
-
return transformerFactory;
}
}