author | mpriyank <priyank.maheshwari@est.tech> | 2023-01-05 17:16:39 +0000 |
---|---|---|
committer | mpriyank <priyank.maheshwari@est.tech> | 2023-01-05 17:16:43 +0000 |
commit | d3e791d2c4a677784c7a183dfdf9b87ef297ef7f (patch) | |
tree | 99921888f390534dbc0554bee5610ce05055c3da | |
parent | 850c4b8853029677d2161f529653b8c794339744 (diff) |
Test XEE in SonarQube
- Test by removing the attributes set on the TransformerFactory, to check
whether SonarQube reports the vulnerability or not
Issue-ID: CPS-1435
Change-Id: I087796b1bbc465655fd741f678a9b2b417d174dd
Signed-off-by: mpriyank <priyank.maheshwari@est.tech>
-rw-r--r-- | cps-service/src/main/java/org/onap/cps/utils/XmlFileUtils.java | 17 |
1 files changed, 7 insertions, 10 deletions
diff --git a/cps-service/src/main/java/org/onap/cps/utils/XmlFileUtils.java b/cps-service/src/main/java/org/onap/cps/utils/XmlFileUtils.java index 10949e7c8f..096487f45f 100644 --- a/cps-service/src/main/java/org/onap/cps/utils/XmlFileUtils.java +++ b/cps-service/src/main/java/org/onap/cps/utils/XmlFileUtils.java @@ -49,8 +49,9 @@ import org.xml.sax.SAXException; @NoArgsConstructor(access = AccessLevel.PRIVATE) public class XmlFileUtils { + private static final DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); + private static boolean isNewDocumentBuilderFactoryInstance = true; private static final TransformerFactory transformerFactory = TransformerFactory.newInstance(); - private static boolean isNewTransformerFactoryInstance = true; private static final Pattern XPATH_PROPERTY_REGEX = Pattern.compile("\\[@(\\S{1,100})=['\\\"](\\S{1,100})['\\\"]\\]"); @@ -161,20 +162,16 @@ public class XmlFileUtils { private static DocumentBuilderFactory getDocumentBuilderFactory() { - final DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); - documentBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); - documentBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); + if (isNewDocumentBuilderFactoryInstance) { + documentBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); + documentBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); + isNewDocumentBuilderFactoryInstance = false; + } return documentBuilderFactory; } private static TransformerFactory getTransformerFactory() { - if (isNewTransformerFactoryInstance) { - transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); - transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); - isNewTransformerFactoryInstance = false; - } - return transformerFactory; } } |
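Review bot: The new `isNewDocumentBuilderFactoryInstance` flag in the first hunk is a plain mutable static, and `getDocumentBuilderFactory()` in the second hunk reads and writes it without synchronization around a `DocumentBuilderFactory` that is now shared by all callers. Nothing guarantees that a thread which sees the flag as false also sees the two `setAttribute` calls, and JAXP does not promise that a factory is safe for concurrent use. A caller could therefore obtain a parser before external DTD and schema access has been restricted. Configuring the factory once during class initialisation removes both the flag and the race, as sketched below. The class body continues outside both hunks.

```java
// … unchanged: class annotations and declaration …
private static final DocumentBuilderFactory documentBuilderFactory = newRestrictedDocumentBuilderFactory();

private static DocumentBuilderFactory newRestrictedDocumentBuilderFactory() {
    final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    // Block external DTD and schema resolution before any parser can be created.
    factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
    factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
    return factory;
}

private static DocumentBuilderFactory getDocumentBuilderFactory() {
    return documentBuilderFactory;
}
```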
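Review bot: After the second hunk, `getTransformerFactory()` hands out the shared `TransformerFactory` with neither `XMLConstants.ACCESS_EXTERNAL_DTD` nor `XMLConstants.ACCESS_EXTERNAL_STYLESHEET` restricted. Any transform of caller-supplied XML through this class can then resolve external DTDs and stylesheets. The commit message describes this as a probe of the SonarQube rule, so it should carry a comment such as `// TEMPORARY (CPS-1435): restrictions removed to check the SonarQube XXE rule; restore before release` and stay off release branches. In the collapsed hunk text it is also unclear whether `return transformerFactory;` is kept as context or removed, so it is worth confirming the method still returns the factory. When the restrictions are restored, set them once at class initialisation and consider adding `transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);`.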