From c8a11265085b1342c4efa03a9985d9fd9ca203a3 Mon Sep 17 00:00:00 2001 From: Neil Derraugh Date: Mon, 8 Jun 2020 15:45:58 -0400 Subject: Set properties on XML parsers to prevent XXE attack - Set ACCESS_EXTERNAL_DTD and ACCESS_EXTERNAL_SCHEMA properties on XML parsers to prevent XXE attacks Issue-ID: SDC-3106 Signed-off-by: Neil Derraugh Change-Id: If4e835858dd3d718d37b3ee41fb2fd0c94574c24 --- .../java/org/openecomp/sdc/asdctool/impl/GraphMLDataAnalyzer.java | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'asdctool/src/main') diff --git a/asdctool/src/main/java/org/openecomp/sdc/asdctool/impl/GraphMLDataAnalyzer.java b/asdctool/src/main/java/org/openecomp/sdc/asdctool/impl/GraphMLDataAnalyzer.java index 312d862747..d8642ebf54 100644 --- a/asdctool/src/main/java/org/openecomp/sdc/asdctool/impl/GraphMLDataAnalyzer.java +++ b/asdctool/src/main/java/org/openecomp/sdc/asdctool/impl/GraphMLDataAnalyzer.java @@ -20,6 +20,7 @@ package org.openecomp.sdc.asdctool.impl; +import javax.xml.XMLConstants; import org.apache.poi.hssf.usermodel.HSSFWorkbook; import org.apache.poi.ss.usermodel.Row; import org.apache.poi.ss.usermodel.Sheet; @@ -69,6 +70,9 @@ public class GraphMLDataAnalyzer { private String analyzeGraphMLData(String mlFileLocation) throws JDOMException, IOException { // Parse ML file SAXBuilder builder = new SAXBuilder(); + builder.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, ""); + builder.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); + File xmlFile = new File(mlFileLocation); Document document = builder.build(xmlFile); -- cgit 1.2.3-korg