summaryrefslogtreecommitdiffstats
path: root/PolicyEngineUtils/src/main/java
diff options
context:
space:
mode:
authorguangxingwang <gw1218@att.com>2018-02-22 15:13:17 -0600
committerguangxingwang <gw1218@att.com>2018-02-23 13:21:48 -0600
commitd6c76c07e016ef7dd3bf26ea945f1a3c736de412 (patch)
treebf9728bd2782ca3cb5f31de5ba02bbb9a3fb31d7 /PolicyEngineUtils/src/main/java
parente22a2b613bda0e683043ef870d6b16e5a7e04df7 (diff)
Fix Fortify Issue - External Entity Injection
Fix Fortify Issue by setting secure process of factory as true Issue-ID: POLICY-551 Change-Id: I46890d2664d0ae9ed9540ba830d0f4b27136a6e9 Signed-off-by: guangxingwang <gw1218@att.com>
Diffstat (limited to 'PolicyEngineUtils/src/main/java')
-rw-r--r--PolicyEngineUtils/src/main/java/org/onap/policy/utils/PolicyUtils.java7
1 files changed, 5 insertions, 2 deletions
diff --git a/PolicyEngineUtils/src/main/java/org/onap/policy/utils/PolicyUtils.java b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/PolicyUtils.java
index 0f38232e1..e17ddc681 100644
--- a/PolicyEngineUtils/src/main/java/org/onap/policy/utils/PolicyUtils.java
+++ b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/PolicyUtils.java
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* PolicyEngineUtils
* ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -31,6 +31,7 @@ import java.util.StringTokenizer;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
+import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
@@ -284,7 +285,9 @@ public class PolicyUtils {
SAXParserFactory factory = SAXParserFactory.newInstance();
factory.setValidating(false);
factory.setNamespaceAware(true);
- try {
+
+ try {
+ factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
SAXParser parser = factory.newSAXParser();
XMLReader reader = parser.getXMLReader();
reader.setErrorHandler(new XMLErrorHandler());