From 6d6fde75df5837c67a0e098eda59a60bc6923041 Mon Sep 17 00:00:00 2001 From: "waqas.ikram" Date: Tue, 29 Jun 2021 13:33:51 +0100 Subject: Fixing XML parsers security bug Change-Id: I8a4f156196af47272a2732b1fbddafb6f0eb1f4d Issue-ID: SO-3668 Signed-off-by: waqas.ikram --- .../java/org/onap/so/adapters/tasks/orchestration/PollService.java | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'adapters/mso-openstack-adapters/src/main') diff --git a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/tasks/orchestration/PollService.java b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/tasks/orchestration/PollService.java index 44d394730f..dfb3075d00 100644 --- a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/tasks/orchestration/PollService.java +++ b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/tasks/orchestration/PollService.java @@ -32,6 +32,7 @@ import javax.xml.XMLConstants; import javax.xml.bind.JAXB; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; +import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.mutable.MutableBoolean; import org.camunda.bpm.client.task.ExternalTask; import org.camunda.bpm.client.task.ExternalTaskService; @@ -76,8 +77,6 @@ public class PollService extends ExternalTaskUtils { private static final Logger logger = LoggerFactory.getLogger(PollService.class); - private static final String EMPTY_STRING = ""; - @Autowired private MsoVnfAdapterImpl vnfAdapterImpl; @@ -326,8 +325,8 @@ public class PollService extends ExternalTaskUtils { protected Optional findRequestType(final String xmlString) { try { final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, EMPTY_STRING); - factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, EMPTY_STRING); + factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, StringUtils.EMPTY); + factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, StringUtils.EMPTY); final DocumentBuilder builder = factory.newDocumentBuilder(); final Document doc = builder.parse(new ByteArrayInputStream(xmlString.getBytes(StandardCharsets.UTF_8))); -- cgit 1.2.3-korg