From bf368d2a9cf764f22126fd59c9a3a10ab12fb4bb Mon Sep 17 00:00:00 2001
From: ToineSiebelink
Date: Mon, 29 Jun 2020 12:24:38 +0100
Subject: Fix SonarQube vulnerabilities
Added logging to handle file io boolean returns
Added security related settings to xml factories and builders
Issue-ID: POLICY-2654
Change-Id: Ibc0a01f978bfc446e1dc1f8ad952d1305a7b7178
Signed-off-by: ToineSiebelink
---
 .../src/main/java/org/onap/policy/apex/examples/bbs/WebClient.java | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'examples')
diff --git a/examples/examples-onap-bbs/src/main/java/org/onap/policy/apex/examples/bbs/WebClient.java b/examples/examples-onap-bbs/src/main/java/org/onap/policy/apex/examples/bbs/WebClient.java
index f3ea15935..e01e997fd 100644
--- a/examples/examples-onap-bbs/src/main/java/org/onap/policy/apex/examples/bbs/WebClient.java
+++ b/examples/examples-onap-bbs/src/main/java/org/onap/policy/apex/examples/bbs/WebClient.java
@@ -34,6 +34,7 @@ import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.TrustManager;
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.transform.OutputKeys;
 import javax.xml.transform.Transformer;
@@ -158,6 +159,9 @@ public class WebClient {
 TransformerFactory transformerFactory = TransformerFactory.newInstance();
 transformerFactory.setAttribute("indent-number", indent);
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+
 Transformer transformer = transformerFactory.newTransformer();
 transformer.setOutputProperty(OutputKeys.ENCODING, StandardCharsets.UTF_8.name());
 transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
--
cgit 1.2.3-korg
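Review bot: The two added `setAttribute` calls in the second hunk restrict only the `TransformerFactory`, which here yields an identity transformer (`newTransformer()` with no stylesheet), so they do little for external-entity handling unless the parser that produces the document is restricted as well. The file imports `javax.xml.parsers.DocumentBuilderFactory` (context line of the first hunk) and this commit adds nothing for it in WebClient.java; if the XML is parsed with a default-configured factory, which the hunk does not show, that is where DTDs and external entities would be resolved. I would give that factory `setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)`, or at least `setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "")` and `setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "")`. Separately, `TransformerFactory.setAttribute` throws `IllegalArgumentException` when the implementation picked up by `newInstance()` does not recognise these JAXP 1.5 properties, so it is worth checking how the enclosing method, which starts and ends outside the hunk, handles that.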