diff options
author | waqas.ikram <waqas.ikram@est.tech> | 2021-06-29 13:33:51 +0100 |
---|---|---|
committer | waqas.ikram <waqas.ikram@est.tech> | 2021-06-29 16:26:53 +0100 |
commit | 6d6fde75df5837c67a0e098eda59a60bc6923041 (patch) | |
tree | fa29a2f5b71f434790319b02c91e40b905a7b460 /adapters | |
parent | d71ffa01c4ca340494717ec43dbc17b43ca8706a (diff) |
Fixing XML parsers security bug
Change-Id: I8a4f156196af47272a2732b1fbddafb6f0eb1f4d
Issue-ID: SO-3668
Signed-off-by: waqas.ikram <waqas.ikram@est.tech>
Diffstat (limited to 'adapters')
-rw-r--r-- | adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/tasks/orchestration/PollService.java | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/tasks/orchestration/PollService.java b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/tasks/orchestration/PollService.java index 44d394730f..dfb3075d00 100644 --- a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/tasks/orchestration/PollService.java +++ b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/tasks/orchestration/PollService.java @@ -32,6 +32,7 @@ import javax.xml.XMLConstants; import javax.xml.bind.JAXB; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; +import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.mutable.MutableBoolean; import org.camunda.bpm.client.task.ExternalTask; import org.camunda.bpm.client.task.ExternalTaskService; @@ -76,8 +77,6 @@ public class PollService extends ExternalTaskUtils { private static final Logger logger = LoggerFactory.getLogger(PollService.class); - private static final String EMPTY_STRING = ""; - @Autowired private MsoVnfAdapterImpl vnfAdapterImpl; @@ -326,8 +325,8 @@ public class PollService extends ExternalTaskUtils { protected Optional<String> findRequestType(final String xmlString) { try { final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, EMPTY_STRING); - factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, EMPTY_STRING); + factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, StringUtils.EMPTY); + factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, StringUtils.EMPTY); final DocumentBuilder builder = factory.newDocumentBuilder(); final Document doc = builder.parse(new ByteArrayInputStream(xmlString.getBytes(StandardCharsets.UTF_8))); |