summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authormpriyank <priyank.maheshwari@est.tech>2023-01-06 10:12:59 +0000
committermpriyank <priyank.maheshwari@est.tech>2023-01-06 10:13:05 +0000
commit377a02ce32ede76c52f6de709707cfd17daece6f (patch)
treef92a9398e96d9916303623b9a7345844c624e494
parentd3e791d2c4a677784c7a183dfdf9b87ef297ef7f (diff)
Local DocBuilderFactory fix XEE
- local DocumentBuilderFactory fix for prevention of XML External Entity Issue-ID: CPS-1435 Change-Id: Ib88268edc5975bf0fe4e3e56bc704f266280af4b Signed-off-by: mpriyank <priyank.maheshwari@est.tech>
-rw-r--r--cps-service/src/main/java/org/onap/cps/utils/XmlFileUtils.java18
1 files changed, 11 insertions, 7 deletions
diff --git a/cps-service/src/main/java/org/onap/cps/utils/XmlFileUtils.java b/cps-service/src/main/java/org/onap/cps/utils/XmlFileUtils.java
index 096487f45f..a0d770191e 100644
--- a/cps-service/src/main/java/org/onap/cps/utils/XmlFileUtils.java
+++ b/cps-service/src/main/java/org/onap/cps/utils/XmlFileUtils.java
@@ -49,9 +49,8 @@ import org.xml.sax.SAXException;
@NoArgsConstructor(access = AccessLevel.PRIVATE)
public class XmlFileUtils {
- private static final DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
- private static boolean isNewDocumentBuilderFactoryInstance = true;
private static final TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ private static boolean isNewTransformerFactoryInstance = true;
private static final Pattern XPATH_PROPERTY_REGEX =
Pattern.compile("\\[@(\\S{1,100})=['\\\"](\\S{1,100})['\\\"]\\]");
@@ -162,16 +161,21 @@ public class XmlFileUtils {
private static DocumentBuilderFactory getDocumentBuilderFactory() {
- if (isNewDocumentBuilderFactoryInstance) {
- documentBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
- documentBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
- isNewDocumentBuilderFactoryInstance = false;
- }
+ final DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
+ documentBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ documentBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
return documentBuilderFactory;
}
private static TransformerFactory getTransformerFactory() {
+
+ if (isNewTransformerFactoryInstance) {
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ isNewTransformerFactoryInstance = false;
+ }
+
return transformerFactory;
}
}