aboutsummaryrefslogtreecommitdiffstats
path: root/model/basic-model/src/main
diff options
context:
space:
mode:
authorToineSiebelink <toine.siebelink@est.tech>2020-06-29 12:24:38 +0100
committerToineSiebelink <toine.siebelink@est.tech>2020-06-29 14:46:39 +0100
commitbf368d2a9cf764f22126fd59c9a3a10ab12fb4bb (patch)
tree484b85a7533fbe8986240b5ca9a30bf5d9a8bdd7 /model/basic-model/src/main
parentbea0762a2c28ee0330036843e17f5af38e06c807 (diff)
Fix SonarQube vulnerabilities
Added logging to handle file io boolean returns Added security related settings to xml factories and builders Issue-ID: POLICY-2654 Change-Id: Ibc0a01f978bfc446e1dc1f8ad952d1305a7b7178 Signed-off-by: ToineSiebelink <toine.siebelink@est.tech>
Diffstat (limited to 'model/basic-model/src/main')
-rw-r--r--model/basic-model/src/main/java/org/onap/policy/apex/model/basicmodel/handling/ApexModelWriter.java6
1 files changed, 6 insertions, 0 deletions
diff --git a/model/basic-model/src/main/java/org/onap/policy/apex/model/basicmodel/handling/ApexModelWriter.java b/model/basic-model/src/main/java/org/onap/policy/apex/model/basicmodel/handling/ApexModelWriter.java
index 0dab08dcb..0763492fc 100644
--- a/model/basic-model/src/main/java/org/onap/policy/apex/model/basicmodel/handling/ApexModelWriter.java
+++ b/model/basic-model/src/main/java/org/onap/policy/apex/model/basicmodel/handling/ApexModelWriter.java
@@ -202,6 +202,9 @@ public class ApexModelWriter<C extends AxConcept> {
// Write the concept into a DOM document, then transform to add CDATA fields and pretty
// print, then write out the result
final DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
+ docBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ docBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
+
docBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
final Document document = docBuilderFactory.newDocumentBuilder().newDocument();
@@ -223,6 +226,9 @@ public class ApexModelWriter<C extends AxConcept> {
private Transformer getTransformer() throws TransformerConfigurationException {
// Transform the DOM to the output stream
final TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+
final Transformer domTransformer = transformerFactory.newTransformer();
// Pretty print