diff options
author | ToineSiebelink <toine.siebelink@est.tech> | 2020-06-29 12:24:38 +0100 |
---|---|---|
committer | ToineSiebelink <toine.siebelink@est.tech> | 2020-06-29 14:46:39 +0100 |
commit | bf368d2a9cf764f22126fd59c9a3a10ab12fb4bb (patch) | |
tree | 484b85a7533fbe8986240b5ca9a30bf5d9a8bdd7 /model/basic-model/src/main | |
parent | bea0762a2c28ee0330036843e17f5af38e06c807 (diff) |
Fix SonarQube vulnerabilities
Added logging to handle file io boolean returns
Added security related settings to xml factories and builders
Issue-ID: POLICY-2654
Change-Id: Ibc0a01f978bfc446e1dc1f8ad952d1305a7b7178
Signed-off-by: ToineSiebelink <toine.siebelink@est.tech>
Diffstat (limited to 'model/basic-model/src/main')
-rw-r--r-- | model/basic-model/src/main/java/org/onap/policy/apex/model/basicmodel/handling/ApexModelWriter.java | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/model/basic-model/src/main/java/org/onap/policy/apex/model/basicmodel/handling/ApexModelWriter.java b/model/basic-model/src/main/java/org/onap/policy/apex/model/basicmodel/handling/ApexModelWriter.java index 0dab08dcb..0763492fc 100644 --- a/model/basic-model/src/main/java/org/onap/policy/apex/model/basicmodel/handling/ApexModelWriter.java +++ b/model/basic-model/src/main/java/org/onap/policy/apex/model/basicmodel/handling/ApexModelWriter.java @@ -202,6 +202,9 @@ public class ApexModelWriter<C extends AxConcept> { // Write the concept into a DOM document, then transform to add CDATA fields and pretty // print, then write out the result final DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance(); + docBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); + docBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); + docBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); final Document document = docBuilderFactory.newDocumentBuilder().newDocument(); @@ -223,6 +226,9 @@ public class ApexModelWriter<C extends AxConcept> { private Transformer getTransformer() throws TransformerConfigurationException { // Transform the DOM to the output stream final TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); + transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); + final Transformer domTransformer = transformerFactory.newTransformer(); // Pretty print |