Fix SonarQube vulnerabilities

Added logging to handle file io boolean returns Added security related settings to xml factories and builders Issue-ID: POLICY-2654 Change-Id: Ibc0a01f978bfc446e1dc1f8ad952d1305a7b7178 Signed-off-by: ToineSiebelink <toine.siebelink@est.tech>
author: ToineSiebelink <toine.siebelink@est.tech> 2020-06-29 12:24:38 +0100
committer: ToineSiebelink <toine.siebelink@est.tech> 2020-06-29 14:46:39 +0100
commit: bf368d2a9cf764f22126fd59c9a3a10ab12fb4bb (patch)
tree: 484b85a7533fbe8986240b5ca9a30bf5d9a8bdd7 /core
parent: bea0762a2c28ee0330036843e17f5af38e06c807 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/core/core-infrastructure/src/main/java/org/onap/policy/apex/core/infrastructure/xml/XPathReader.java b/core/core-infrastructure/src/main/java/org/onap/policy/apex/core/infrastructure/xml/XPathReader.java
index 53b8a7938..f20907370 100644
--- a/core/core-infrastructure/src/main/java/org/onap/policy/apex/core/infrastructure/xml/XPathReader.java
+++ b/core/core-infrastructure/src/main/java/org/onap/policy/apex/core/infrastructure/xml/XPathReader.java
@@ -76,7 +76,8 @@ public class XPathReader {
             LOGGER.info("Initializing XPath reader");
             DocumentBuilderFactory df = DocumentBuilderFactory.newInstance();
             df.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
-
+            df.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+            df.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
             // Check if this is operating on a file
             if (xmlFileName != null) {
                 xmlDocument = df.newDocumentBuilder().parse(xmlFileName);
author	ToineSiebelink <toine.siebelink@est.tech>	2020-06-29 12:24:38 +0100
committer	ToineSiebelink <toine.siebelink@est.tech>	2020-06-29 14:46:39 +0100
commit	bf368d2a9cf764f22126fd59c9a3a10ab12fb4bb (patch)
tree	484b85a7533fbe8986240b5ca9a30bf5d9a8bdd7 /core
parent	bea0762a2c28ee0330036843e17f5af38e06c807 (diff)