From d3e791d2c4a677784c7a183dfdf9b87ef297ef7f Mon Sep 17 00:00:00 2001
From: mpriyank
Date: Thu, 5 Jan 2023 17:16:39 +0000
Subject: Test XEE in SonarQube - test by removing the attributes for transformerfactory to check if sonarqube gives the vulnerability or not
Issue-ID: CPS-1435
Change-Id: I087796b1bbc465655fd741f678a9b2b417d174dd
Signed-off-by: mpriyank
---
 .../src/main/java/org/onap/cps/utils/XmlFileUtils.java | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)
(limited to 'cps-service/src/main/java')
diff --git a/cps-service/src/main/java/org/onap/cps/utils/XmlFileUtils.java b/cps-service/src/main/java/org/onap/cps/utils/XmlFileUtils.java
index 10949e7c8..096487f45 100644
--- a/cps-service/src/main/java/org/onap/cps/utils/XmlFileUtils.java
+++ b/cps-service/src/main/java/org/onap/cps/utils/XmlFileUtils.java
@@ -49,8 +49,9 @@ import org.xml.sax.SAXException;
 @NoArgsConstructor(access = AccessLevel.PRIVATE)
 public class XmlFileUtils {
+ private static final DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
+ private static boolean isNewDocumentBuilderFactoryInstance = true;
 private static final TransformerFactory transformerFactory = TransformerFactory.newInstance();
- private static boolean isNewTransformerFactoryInstance = true;
 private static final Pattern XPATH_PROPERTY_REGEX = Pattern.compile("\\[@(\\S{1,100})=['\\\"](\\S{1,100})['\\\"]\\]");
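Review bot: `isNewDocumentBuilderFactoryInstance` is a plain mutable static that getDocumentBuilderFactory() (second hunk) reads and writes without any synchronisation, so two threads arriving together can both see `true` and mutate the shared factory concurrently. DocumentBuilderFactory is not documented as thread-safe, so promoting it to a single static instance deserves at least a comment on why sharing is acceptable here. Applying the two `setAttribute` calls once in a `static { ... }` initializer beside the field would remove the flag and make the hardening unconditional rather than dependent on call order. The class body continues outside this hunk.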
@@ -161,20 +162,16 @@ public class XmlFileUtils { private static DocumentBuilderFactory getDocumentBuilderFactory() { - final DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); - documentBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); - documentBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); + if (isNewDocumentBuilderFactoryInstance) { + documentBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); + documentBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); + isNewDocumentBuilderFactoryInstance = false; + } return documentBuilderFactory; } private static TransformerFactory getTransformerFactory() { - if (isNewTransformerFactoryInstance) { - transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); - transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); - isNewTransformerFactoryInstance = false; - } - return transformerFactory; } } -- cgit 1.2.3-korg
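Review bot: getTransformerFactory() now hands out the shared TransformerFactory with neither `XMLConstants.ACCESS_EXTERNAL_DTD` nor `XMLConstants.ACCESS_EXTERNAL_STYLESHEET` restricted, so any transform fed caller-supplied XML or XSLT may resolve external DTDs and stylesheets (XXE); whether untrusted input reaches it is not visible in this hunk. The commit message describes this as a scanner check, so the change should stay on a throwaway branch. If it must be merged, keep `transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");` and `transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");`, applied once at class initialisation. Adding `setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true)` on both factories would give a second layer that does not rely on the attribute names being supported by the parser in use.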