diff options
author | aditya.puthuparambil <aditya.puthuparambil@est.tech> | 2020-04-14 13:16:07 +0100 |
---|---|---|
committer | aditya.puthuparambil <aditya.puthuparambil@est.tech> | 2020-04-14 13:16:07 +0100 |
commit | 3c40c871d6f0679e60f4d5c825d272af8bbe3148 (patch) | |
tree | ac3df4624f9ddd2bf08ef1ce783e49c1eb4c9af8 /examples/examples-onap-bbs/src/main/java | |
parent | 2a3fd3ee6c37314da69f4121019c8d713ace79ae (diff) |
SONAR issue fix
Issue-ID: POLICY-1913
Signed-off-by: aditya.puthuparambil <aditya.puthuparambil@est.tech>
Change-Id: Ie6dccc50ad63c5fdca1e79d7985aec2455041b56
Diffstat (limited to 'examples/examples-onap-bbs/src/main/java')
-rw-r--r-- | examples/examples-onap-bbs/src/main/java/org/onap/policy/apex/examples/bbs/WebClient.java | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/examples/examples-onap-bbs/src/main/java/org/onap/policy/apex/examples/bbs/WebClient.java b/examples/examples-onap-bbs/src/main/java/org/onap/policy/apex/examples/bbs/WebClient.java index edaff6b52..884708d03 100644 --- a/examples/examples-onap-bbs/src/main/java/org/onap/policy/apex/examples/bbs/WebClient.java +++ b/examples/examples-onap-bbs/src/main/java/org/onap/policy/apex/examples/bbs/WebClient.java @@ -34,7 +34,6 @@ import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManager; -import javax.xml.XMLConstants; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.transform.OutputKeys; import javax.xml.transform.Transformer; @@ -64,6 +63,10 @@ public class WebClient { // Duplicated string constants private static final String BBS_POLICY = "BBS Policy"; + //Features to prevent XXE injection + private static final String XML_DISALLOW_DOCTYPE_FEATURE = "http://apache.org/xml/features/disallow-doctype-decl"; + private static final String XML_EXTERNAL_ENTITY_FEATURE = "http://xml.org/sax/features/external-general-entities"; + /** * Send simple https rest request. * @@ -140,7 +143,8 @@ public class WebClient { try (ByteArrayInputStream br = new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8))) { DocumentBuilderFactory df = DocumentBuilderFactory.newInstance(); - df.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + df.setFeature(XML_DISALLOW_DOCTYPE_FEATURE, true); + df.setFeature(XML_EXTERNAL_ENTITY_FEATURE, false); Document document = df.newDocumentBuilder().parse(new InputSource(br)); document.normalize(); |