Merge "Fortify scan reports vulnerability on"

author: Steve Smokowski <ss835w@att.com> 2019-10-22 18:08:57 +0000
committer: Gerrit Code Review <gerrit@onap.org> 2019-10-22 18:08:57 +0000
commit: d0b6ec8d6e12a887f6dda5674dd71077c882e556 (patch)
tree: 41674bfac54f20735dc21749403be9bcd3551828
parent: 2a464d81219b123b3f83e53cbd59519d6d833d96 (diff)
parent: ebb7a2f593357acf321c690542e6e7a08a2d6226 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/sdnc/tasks/SDNCRequestTasks.java b/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/sdnc/tasks/SDNCRequestTasks.java
index 3383fde0a8..e55fa9e24b 100644
--- a/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/sdnc/tasks/SDNCRequestTasks.java
+++ b/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/sdnc/tasks/SDNCRequestTasks.java
@@ -102,6 +102,9 @@ public class SDNCRequestTasks {
             String asyncRequest = (String) execution.getVariable(request.getCorrelationName() + MESSAGE);
 
             DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+            dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
+            dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+            dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
             DocumentBuilder db = dbf.newDocumentBuilder();
             Document doc = db.parse(new InputSource(new StringReader(asyncRequest)));
author	Steve Smokowski <ss835w@att.com>	2019-10-22 18:08:57 +0000
committer	Gerrit Code Review <gerrit@onap.org>	2019-10-22 18:08:57 +0000
commit	d0b6ec8d6e12a887f6dda5674dd71077c882e556 (patch)
tree	41674bfac54f20735dc21749403be9bcd3551828
parent	2a464d81219b123b3f83e53cbd59519d6d833d96 (diff)
parent	ebb7a2f593357acf321c690542e6e7a08a2d6226 (diff)