aboutsummaryrefslogtreecommitdiffstats
path: root/adapters
diff options
context:
space:
mode:
authorwaqas.ikram <waqas.ikram@est.tech>2021-06-29 13:33:51 +0100
committerwaqas.ikram <waqas.ikram@est.tech>2021-06-29 16:26:53 +0100
commit6d6fde75df5837c67a0e098eda59a60bc6923041 (patch)
treefa29a2f5b71f434790319b02c91e40b905a7b460 /adapters
parentd71ffa01c4ca340494717ec43dbc17b43ca8706a (diff)
Fixing XML parsers security bug
Change-Id: I8a4f156196af47272a2732b1fbddafb6f0eb1f4d Issue-ID: SO-3668 Signed-off-by: waqas.ikram <waqas.ikram@est.tech>
Diffstat (limited to 'adapters')
-rw-r--r--adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/tasks/orchestration/PollService.java7
1 files changed, 3 insertions, 4 deletions
diff --git a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/tasks/orchestration/PollService.java b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/tasks/orchestration/PollService.java
index 44d394730f..dfb3075d00 100644
--- a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/tasks/orchestration/PollService.java
+++ b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/tasks/orchestration/PollService.java
@@ -32,6 +32,7 @@ import javax.xml.XMLConstants;
import javax.xml.bind.JAXB;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
+import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.mutable.MutableBoolean;
import org.camunda.bpm.client.task.ExternalTask;
import org.camunda.bpm.client.task.ExternalTaskService;
@@ -76,8 +77,6 @@ public class PollService extends ExternalTaskUtils {
private static final Logger logger = LoggerFactory.getLogger(PollService.class);
- private static final String EMPTY_STRING = "";
-
@Autowired
private MsoVnfAdapterImpl vnfAdapterImpl;
@@ -326,8 +325,8 @@ public class PollService extends ExternalTaskUtils {
protected Optional<String> findRequestType(final String xmlString) {
try {
final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, EMPTY_STRING);
- factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, EMPTY_STRING);
+ factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, StringUtils.EMPTY);
+ factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, StringUtils.EMPTY);
final DocumentBuilder builder = factory.newDocumentBuilder();
final Document doc = builder.parse(new ByteArrayInputStream(xmlString.getBytes(StandardCharsets.UTF_8)));