authorAbhishek Bajaj <abhishek.kumar.bajaj@huawei.com>2021-03-19 18:17:17 +0530
committerAbhishek Bajaj <abhishek.kumar.bajaj@huawei.com>2021-03-19 18:52:23 +0530
commit28be67398b155b67bc5e7cf54bba81a6d09d0eb0 (patch)
tree0fb98c34ef931d1beaf15453760708cdfb7f32aa
parentf8c6515b33d2e108ac719016e77bf0bab2a5ae1a (diff)
Disable access to external entities in XML parsing1.2.5
Issue-ID: DCAEGEN2-2675 Signed-off-by: Abhishek Bajaj <abhishek.kumar.bajaj@huawei.com> Change-Id: I8738480af9078e8db4b7217f0a837f60084d93fa Signed-off-by: Abhishek Bajaj <abhishek.kumar.bajaj@huawei.com>
-rw-r--r--Changelog.md4
-rw-r--r--pom.xml2
-rwxr-xr-xsrc/main/java/org/onap/dcae/common/XmlParser.java5
3 files changed, 9 insertions, 2 deletions
diff --git a/Changelog.md b/Changelog.md
index b2adf82..b6fa3f3 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/)
and this project adheres to [Semantic Versioning](http://semver.org/).
+## [1.2.5] - 19/03/2021
+### Fixed
+- [DCAEGEN2-2675](https://jira.onap.org/browse/DCAEGEN2-2675) - Disable access to external entities in XML parsing
+
## [1.2.5] - 12/03/2021
### Fixed
- [DCAEGEN2-2518](https://jira.onap.org/browse/DCAEGEN2-2518) - Fix the security blocker in restconf collector
diff --git a/pom.xml b/pom.xml
index 753e5b2..2eb0b30 100644
--- a/pom.xml
+++ b/pom.xml
@@ -27,7 +27,7 @@ limitations under the License.
</parent>
<groupId>org.onap.dcaegen2.collectors.restconf</groupId>
<artifactId>restconfcollector</artifactId>
- <version>1.2.4-SNAPSHOT</version>
+ <version>1.2.5-SNAPSHOT</version>
<name>dcaegen2-collectors-restconf</name>
<description>RestConfCollector</description>
<properties>
diff --git a/src/main/java/org/onap/dcae/common/XmlParser.java b/src/main/java/org/onap/dcae/common/XmlParser.java
index a9902d2..665297d 100755
--- a/src/main/java/org/onap/dcae/common/XmlParser.java
+++ b/src/main/java/org/onap/dcae/common/XmlParser.java
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* org.onap.dcaegen2.collectors.restconf
* ================================================================================
- * Copyright (C) 2018-2019 Huawei. All rights reserved.
+ * Copyright (C) 2018-2021 Huawei. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -26,6 +26,7 @@ import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;
+import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
@@ -56,6 +57,8 @@ public class XmlParser {
try {
SAXParserFactory factory = SAXParserFactory.newInstance();
SAXParser saxParser = factory.newSAXParser();
+ saxParser.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ saxParser.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
InputStream in = new ByteArrayInputStream(s.getBytes());
saxParser.parse(in, handler);
} catch (ParserConfigurationException | IOException | SAXException | NumberFormatException e) {
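Review bot: A DOCTYPE is still accepted after the two `setProperty` calls on `saxParser`, which restrict external DTD and schema access only, so entity declarations inside the document itself are still processed and are bounded only by whatever limits the parser implementation applies. If the collector's payloads never need a DTD, configure the factory before `factory.newSAXParser()` with `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` and `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);`; both throw exception types the existing catch already covers. A SAX implementation that does not recognise the JAXP 1.5 `ACCESS_EXTERNAL_*` properties throws `SAXNotRecognizedException`, which the `SAXException` arm would absorb, so every parse would fail there; the catch body is not visible here, so confirm it logs that case clearly. The enclosing method starts and ends outside the hunk.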