authoraditya.puthuparambil <aditya.puthuparambil@est.tech>2020-03-10 14:12:55 +0000
committeraditya.puthuparambil <aditya.puthuparambil@est.tech>2020-03-11 13:20:49 +0000
commit601eb7fa55e373563ba396f491cec88732cd6e4e (patch)
treea8b22f54ce2b35594e520e5fc7c48b5dc216a5d2 /core
parent4eb64b73443620c8588ee48b54d225326ff4550e (diff)
Sonar Security vulnerabilities fix
Issue-ID: POLICY-1913 Signed-off-by: aditya.puthuparambil <aditya.puthuparambil@est.tech> Change-Id: Ic86e04776c9300e37134210cd9db5b6d7e6a5a9e
Diffstat (limited to 'core')
-rw-r--r--core/core-infrastructure/src/main/java/org/onap/policy/apex/core/infrastructure/xml/XPathReader.java20
1 files changed, 11 insertions, 9 deletions
diff --git a/core/core-infrastructure/src/main/java/org/onap/policy/apex/core/infrastructure/xml/XPathReader.java b/core/core-infrastructure/src/main/java/org/onap/policy/apex/core/infrastructure/xml/XPathReader.java
index 08046c924..a9c57f385 100644
--- a/core/core-infrastructure/src/main/java/org/onap/policy/apex/core/infrastructure/xml/XPathReader.java
+++ b/core/core-infrastructure/src/main/java/org/onap/policy/apex/core/infrastructure/xml/XPathReader.java
@@ -1,6 +1,7 @@
/*-
* ============LICENSE_START=======================================================
* Copyright (C) 2016-2018 Ericsson. All rights reserved.
+ * Modifications Copyright (C) 2020 Nordix Foundation.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -22,6 +23,7 @@ package org.onap.policy.apex.core.infrastructure.xml;
import java.io.InputStream;
+import javax.xml.XMLConstants;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
@@ -39,6 +41,7 @@ import org.w3c.dom.Document;
* @author Sajeevan Achuthan (sajeevan.achuthan@ericsson.com)
*/
public class XPathReader {
+
// Logger for this class
private static final XLogger LOGGER = XLoggerFactory.getXLogger(XPathReader.class);
@@ -73,18 +76,17 @@ public class XPathReader {
private void init() {
try {
LOGGER.info("Initializing XPath reader");
+ DocumentBuilderFactory df = DocumentBuilderFactory.newInstance();
+ df.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
// Check if this is operating on a file
if (xmlFileName != null) {
- xmlDocument = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(xmlFileName);
- }
- // Check if this is operating on a stream
- else if (xmlStream != null) {
- xmlDocument = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(xmlStream);
-
- }
- // We have an error
- else {
+ xmlDocument = df.newDocumentBuilder().parse(xmlFileName);
+ } else if (xmlStream != null) {
+ // Check if this is operating on a stream
+ xmlDocument = df.newDocumentBuilder().parse(xmlStream);
+ } else {
+ // We have an error
LOGGER.error("XPath reader not initialized with either a file or a stream");
return;
}
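Review bot: `XMLConstants.FEATURE_SECURE_PROCESSING` on its own may not stop DOCTYPE and external-entity processing for the `parse(xmlFileName)` and `parse(xmlStream)` calls. What it restricts depends on which JAXP implementation is resolved at runtime, and some parsers apply only resource limits under it. If the XML handed to XPathReader can originate outside the deployment, I would add `df.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` plus `df.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");` and `df.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");` directly after the new `setFeature` line. A short comment such as `// Harden the parser against XXE before any document is read` above the factory setup would record why it is configured ahead of the branches. The catch block of `init()` lies outside this hunk, so it is not visible here how a parser that rejects one of these settings would be reported.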