authorToineSiebelink <toine.siebelink@est.tech>2020-06-29 12:24:38 +0100
committerToineSiebelink <toine.siebelink@est.tech>2020-06-29 14:46:39 +0100
commitbf368d2a9cf764f22126fd59c9a3a10ab12fb4bb (patch)
tree484b85a7533fbe8986240b5ca9a30bf5d9a8bdd7 /examples
parentbea0762a2c28ee0330036843e17f5af38e06c807 (diff)
Fix SonarQube vulnerabilities
Added logging to handle file I/O boolean returns. Added security-related settings to XML factories and builders. Issue-ID: POLICY-2654 Change-Id: Ibc0a01f978bfc446e1dc1f8ad952d1305a7b7178 Signed-off-by: ToineSiebelink <toine.siebelink@est.tech>
Diffstat (limited to 'examples')
-rw-r--r--examples/examples-onap-bbs/src/main/java/org/onap/policy/apex/examples/bbs/WebClient.java4
1 files changed, 4 insertions, 0 deletions
diff --git a/examples/examples-onap-bbs/src/main/java/org/onap/policy/apex/examples/bbs/WebClient.java b/examples/examples-onap-bbs/src/main/java/org/onap/policy/apex/examples/bbs/WebClient.java
index f3ea15935..e01e997fd 100644
--- a/examples/examples-onap-bbs/src/main/java/org/onap/policy/apex/examples/bbs/WebClient.java
+++ b/examples/examples-onap-bbs/src/main/java/org/onap/policy/apex/examples/bbs/WebClient.java
@@ -34,6 +34,7 @@ import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
+import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
@@ -158,6 +159,9 @@ public class WebClient {
TransformerFactory transformerFactory = TransformerFactory.newInstance();
transformerFactory.setAttribute("indent-number", indent);
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+
Transformer transformer = transformerFactory.newTransformer();
transformer.setOutputProperty(OutputKeys.ENCODING, StandardCharsets.UTF_8.name());
transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
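Review bot: The two added `setAttribute` calls restrict only the `TransformerFactory`, which from the `setOutputProperty` lines appears to be used for serialising output, while the diffstat shows no other insertion in this file. The `DocumentBuilderFactory` import in the first hunk suggests this class also parses XML, and the parser is where a DOCTYPE or external entity in untrusted input would be resolved. If that is the case, the parser factory should be restricted as well, e.g. `dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` or `dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");` together with `XMLConstants.ACCESS_EXTERNAL_SCHEMA` (`dbf` stands for the factory instance, which is not visible here). Separately, `setAttribute` throws `IllegalArgumentException` when the `TransformerFactory` implementation on the classpath does not recognise these JAXP 1.5 properties, so it is worth confirming that the enclosing method's error handling, which lies outside this hunk, covers that case.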