summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSteve Smokowski <ss835w@att.com>2019-10-22 18:08:57 +0000
committerGerrit Code Review <gerrit@onap.org>2019-10-22 18:08:57 +0000
commitd0b6ec8d6e12a887f6dda5674dd71077c882e556 (patch)
tree41674bfac54f20735dc21749403be9bcd3551828
parent2a464d81219b123b3f83e53cbd59519d6d833d96 (diff)
parentebb7a2f593357acf321c690542e6e7a08a2d6226 (diff)
Merge "Fortify scan reports vulnerability on"
-rw-r--r--bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/sdnc/tasks/SDNCRequestTasks.java3
1 files changed, 3 insertions, 0 deletions
diff --git a/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/sdnc/tasks/SDNCRequestTasks.java b/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/sdnc/tasks/SDNCRequestTasks.java
index 3383fde0a8..e55fa9e24b 100644
--- a/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/sdnc/tasks/SDNCRequestTasks.java
+++ b/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/sdnc/tasks/SDNCRequestTasks.java
@@ -102,6 +102,9 @@ public class SDNCRequestTasks {
String asyncRequest = (String) execution.getVariable(request.getCorrelationName() + MESSAGE);
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+ dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
DocumentBuilder db = dbf.newDocumentBuilder();
Document doc = db.parse(new InputSource(new StringReader(asyncRequest)));