Disable access to external entities in XML parsing1.2.5

Issue-ID: DCAEGEN2-2675
Signed-off-by: Abhishek Bajaj <abhishek.kumar.bajaj@huawei.com>

Change-Id: I8738480af9078e8db4b7217f0a837f60084d93fa
Signed-off-by: Abhishek Bajaj <abhishek.kumar.bajaj@huawei.com>

1 files changed, 4 insertions, 1 deletions

diff --git a/src/main/java/org/onap/dcae/common/XmlParser.java b/src/main/java/org/onap/dcae/common/XmlParser.java
index a9902d2..665297d 100755
--- a/src/main/java/org/onap/dcae/common/XmlParser.java
+++ b/src/main/java/org/onap/dcae/common/XmlParser.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START=======================================================
  * org.onap.dcaegen2.collectors.restconf
  * ================================================================================
- * Copyright (C) 2018-2019 Huawei. All rights reserved.
+ * Copyright (C) 2018-2021 Huawei. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -26,6 +26,7 @@ import org.xml.sax.Attributes;
 import org.xml.sax.SAXException;
 import org.xml.sax.helpers.DefaultHandler;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.parsers.SAXParser;
 import javax.xml.parsers.SAXParserFactory;
@@ -56,6 +57,8 @@ public class XmlParser {
         try {
             SAXParserFactory factory = SAXParserFactory.newInstance();
             SAXParser saxParser = factory.newSAXParser();
+			saxParser.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+            saxParser.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
             InputStream in = new ByteArrayInputStream(s.getBytes());
             saxParser.parse(in, handler);
         } catch (ParserConfigurationException | IOException | SAXException | NumberFormatException e) {