diff options
author | guangxingwang <gw1218@att.com> | 2018-02-22 15:13:17 -0600 |
---|---|---|
committer | guangxingwang <gw1218@att.com> | 2018-02-23 13:21:48 -0600 |
commit | d6c76c07e016ef7dd3bf26ea945f1a3c736de412 (patch) | |
tree | bf9728bd2782ca3cb5f31de5ba02bbb9a3fb31d7 | |
parent | e22a2b613bda0e683043ef870d6b16e5a7e04df7 (diff) |
Fix Fortify Issue - External Entity Injection
Fix Fortify Issue by setting secure process of factory as true
Issue-ID: POLICY-551
Change-Id: I46890d2664d0ae9ed9540ba830d0f4b27136a6e9
Signed-off-by: guangxingwang <gw1218@att.com>
-rw-r--r-- | PolicyEngineUtils/src/main/java/org/onap/policy/utils/PolicyUtils.java | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/PolicyEngineUtils/src/main/java/org/onap/policy/utils/PolicyUtils.java b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/PolicyUtils.java index 0f38232e1..e17ddc681 100644 --- a/PolicyEngineUtils/src/main/java/org/onap/policy/utils/PolicyUtils.java +++ b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/PolicyUtils.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * PolicyEngineUtils * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -31,6 +31,7 @@ import java.util.StringTokenizer; import java.util.regex.Matcher; import java.util.regex.Pattern; +import javax.xml.XMLConstants; import javax.xml.parsers.SAXParser; import javax.xml.parsers.SAXParserFactory; @@ -284,7 +285,9 @@ public class PolicyUtils { SAXParserFactory factory = SAXParserFactory.newInstance(); factory.setValidating(false); factory.setNamespaceAware(true); - try { + + try { + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); SAXParser parser = factory.newSAXParser(); XMLReader reader = parser.getXMLReader(); reader.setErrorHandler(new XMLErrorHandler()); |