summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJorge Hernandez <jh1730@att.com>2018-02-23 19:48:14 +0000
committerGerrit Code Review <gerrit@onap.org>2018-02-23 19:48:14 +0000
commitfa54ede568ac252870b5ab4ab00878d471659143 (patch)
tree768757c284333b7ccf4648bc80c4846b631a2a31
parentdb22558f4ddb77c3b56f3750177a4111d4c353f6 (diff)
parentd6c76c07e016ef7dd3bf26ea945f1a3c736de412 (diff)
Merge "Fix Fortify Issue - External Entity Injection"
Diffstat
-rw-r--r--PolicyEngineUtils/src/main/java/org/onap/policy/utils/PolicyUtils.java7
1 files changed, 5 insertions, 2 deletions
diff --git a/PolicyEngineUtils/src/main/java/org/onap/policy/utils/PolicyUtils.java b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/PolicyUtils.java
index 0f38232e1..e17ddc681 100644
--- a/PolicyEngineUtils/src/main/java/org/onap/policy/utils/PolicyUtils.java
+++ b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/PolicyUtils.java
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* PolicyEngineUtils
* ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -31,6 +31,7 @@ import java.util.StringTokenizer;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
+import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
@@ -284,7 +285,9 @@ public class PolicyUtils {
SAXParserFactory factory = SAXParserFactory.newInstance();
factory.setValidating(false);
factory.setNamespaceAware(true);
- try {
+
+ try {
+ factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
SAXParser parser = factory.newSAXParser();
XMLReader reader = parser.getXMLReader();
reader.setErrorHandler(new XMLErrorHandler());