authorToineSiebelink <toine.siebelink@est.tech>2020-06-29 12:24:38 +0100
committerToineSiebelink <toine.siebelink@est.tech>2020-06-29 14:46:39 +0100
commitbf368d2a9cf764f22126fd59c9a3a10ab12fb4bb (patch)
tree484b85a7533fbe8986240b5ca9a30bf5d9a8bdd7 /model/basic-model
parentbea0762a2c28ee0330036843e17f5af38e06c807 (diff)
Fix SonarQube vulnerabilities
Added logging to handle file I/O boolean returns.
Added security-related settings to XML factories and builders.

Issue-ID: POLICY-2654
Change-Id: Ibc0a01f978bfc446e1dc1f8ad952d1305a7b7178
Signed-off-by: ToineSiebelink <toine.siebelink@est.tech>
Diffstat (limited to 'model/basic-model')
-rw-r--r--model/basic-model/src/main/java/org/onap/policy/apex/model/basicmodel/handling/ApexModelWriter.java6
1 files changed, 6 insertions, 0 deletions
diff --git a/model/basic-model/src/main/java/org/onap/policy/apex/model/basicmodel/handling/ApexModelWriter.java b/model/basic-model/src/main/java/org/onap/policy/apex/model/basicmodel/handling/ApexModelWriter.java
index 0dab08dcb..0763492fc 100644
--- a/model/basic-model/src/main/java/org/onap/policy/apex/model/basicmodel/handling/ApexModelWriter.java
+++ b/model/basic-model/src/main/java/org/onap/policy/apex/model/basicmodel/handling/ApexModelWriter.java
@@ -202,6 +202,9 @@ public class ApexModelWriter<C extends AxConcept> {
// Write the concept into a DOM document, then transform to add CDATA fields and pretty
// print, then write out the result
final DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
+ docBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ docBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
+
docBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
final Document document = docBuilderFactory.newDocumentBuilder().newDocument();
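Review bot: The two `docBuilderFactory.setAttribute(...)` calls added ahead of `setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true)` throw an unchecked `IllegalArgumentException` when the JAXP implementation picked by `DocumentBuilderFactory.newInstance()` does not recognise the JAXP 1.5 access properties (typically an older Xerces on the classpath), so the hardening can itself become a write failure. The enclosing method starts and ends outside the hunk, so whether that exception is handled is not visible; if it is not, wrap the two calls and rethrow with a message that names the unsupported property rather than letting a bare `IllegalArgumentException` escape. The same applies to the `transformerFactory.setAttribute(...)` lines in `getTransformer()` in the next hunk, where `TransformerConfigurationException` is declared but `IllegalArgumentException` is not. For consistency with the document builder, that hunk could also add `transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);`, which the existing `throws` clause already covers. A one-line comment above each pair, for example `// Disallow external DTD/schema access (XXE hardening)`, would record why empty strings are passed.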
@@ -223,6 +226,9 @@ public class ApexModelWriter<C extends AxConcept> {
private Transformer getTransformer() throws TransformerConfigurationException {
// Transform the DOM to the output stream
final TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+
final Transformer domTransformer = transformerFactory.newTransformer();
// Pretty print