summaryrefslogtreecommitdiffstats
path: root/examples/examples-onap-bbs/src
diff options
context:
space:
mode:
Diffstat (limited to 'examples/examples-onap-bbs/src')
-rw-r--r--examples/examples-onap-bbs/src/main/java/org/onap/policy/apex/examples/bbs/WebClient.java8
-rw-r--r--examples/examples-onap-bbs/src/test/java/org/onap/policy/apex/examples/bbs/WebClientTest.java13
2 files changed, 13 insertions, 8 deletions
diff --git a/examples/examples-onap-bbs/src/main/java/org/onap/policy/apex/examples/bbs/WebClient.java b/examples/examples-onap-bbs/src/main/java/org/onap/policy/apex/examples/bbs/WebClient.java
index edaff6b52..884708d03 100644
--- a/examples/examples-onap-bbs/src/main/java/org/onap/policy/apex/examples/bbs/WebClient.java
+++ b/examples/examples-onap-bbs/src/main/java/org/onap/policy/apex/examples/bbs/WebClient.java
@@ -34,7 +34,6 @@ import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
-import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
@@ -64,6 +63,10 @@ public class WebClient {
// Duplicated string constants
private static final String BBS_POLICY = "BBS Policy";
+ //Features to prevent XXE injection
+ private static final String XML_DISALLOW_DOCTYPE_FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";
+ private static final String XML_EXTERNAL_ENTITY_FEATURE = "http://xml.org/sax/features/external-general-entities";
+
/**
* Send simple https rest request.
*
@@ -140,7 +143,8 @@ public class WebClient {
try (ByteArrayInputStream br = new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8))) {
DocumentBuilderFactory df = DocumentBuilderFactory.newInstance();
- df.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ df.setFeature(XML_DISALLOW_DOCTYPE_FEATURE, true);
+ df.setFeature(XML_EXTERNAL_ENTITY_FEATURE, false);
Document document = df.newDocumentBuilder().parse(new InputSource(br));
document.normalize();
diff --git a/examples/examples-onap-bbs/src/test/java/org/onap/policy/apex/examples/bbs/WebClientTest.java b/examples/examples-onap-bbs/src/test/java/org/onap/policy/apex/examples/bbs/WebClientTest.java
index 3cb588dc7..ba1481c0b 100644
--- a/examples/examples-onap-bbs/src/test/java/org/onap/policy/apex/examples/bbs/WebClientTest.java
+++ b/examples/examples-onap-bbs/src/test/java/org/onap/policy/apex/examples/bbs/WebClientTest.java
@@ -36,6 +36,7 @@ import org.junit.Test;
import org.mockito.Mockito;
public class WebClientTest {
+
HttpsURLConnection mockedHttpsUrlConnection;
String sampleString = "Response Code :200";
@@ -55,24 +56,24 @@ public class WebClientTest {
@Test
public void testHttpsRequest() {
WebClient cl = new WebClient();
- String result =
- cl.httpRequest("https://some.random.url/data", "POST", null, "admin", "admin", "application/json");
+ String result = cl
+ .httpRequest("https://some.random.url/data", "POST", null, "admin", "admin", "application/json");
assertNotNull(result);
}
@Test
public void testHttpRequest() {
WebClient cl = new WebClient();
- String result =
- cl.httpRequest("http://some.random.url/data", "GET", null, "admin", "admin", "application/json");
+ String result = cl
+ .httpRequest("http://some.random.url/data", "GET", null, "admin", "admin", "application/json");
assertNotNull(result);
}
@Test
public void testToPrettyString() {
String xmlSample = "<input xmlns=\"org:onap:sdnc:northbound:generic-resource\">"
- + "<sdnc-request-header> <svc-action>update</svc-action> </sdnc-request-header></input>";
+ + "<sdnc-request-header> <svc-action>update</svc-action> </sdnc-request-header></input>";
WebClient cl = new WebClient();
- cl.toPrettyString(xmlSample, 4);
+ assertNotNull(cl.toPrettyString(xmlSample, 4));
}
}