Merge pull request #286 from arunvenmany-ibm/sast_issue_fix_1.0

using access extenal dtd property as not allowed in xmleventreader of…
OpenLiberty · Aug 7, 2024 · 9a55260 · 9a55260
2 parents 4329148 + 8da183d
commit 9a55260
Showing 1 changed file with 4 additions and 5 deletions.
diff --git a/lemminx-liberty/src/main/java/io/openliberty/tools/langserver/lemminx/util/XmlReader.java b/lemminx-liberty/src/main/java/io/openliberty/tools/langserver/lemminx/util/XmlReader.java
@@ -31,6 +31,7 @@
 import javax.xml.stream.XMLStreamException;
 import javax.xml.stream.events.Characters;
 import javax.xml.stream.events.XMLEvent;
+import javax.xml.transform.stream.StreamSource;
 
 public class XmlReader {
     private static final Logger LOGGER = Logger.getLogger(XmlReader.class.getName());
@@ -87,7 +88,7 @@ public static boolean hasServerRoot(File xmlFile) {
     }
 
     private static XMLInputFactory getXmlInputFactory() {
-        XMLInputFactory factory = XMLInputFactory.newInstance();
+        XMLInputFactory factory = XMLInputFactory.newFactory();
         try {
             factory.setProperty(XMLInputFactory.IS_VALIDATING, Boolean.FALSE);
             factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
@@ -119,7 +120,7 @@ public static Map<String, String> getElementValues(Path file, Set<String> elemen
         XMLInputFactory factory = getXmlInputFactory();
         XMLEventReader reader = null;
         try {
-            reader = factory.createXMLEventReader(new FileInputStream(file.toFile()));
+            reader = factory.createXMLEventReader(new StreamSource(file.toFile()));
             while (reader.hasNext()) {
                 XMLEvent event = reader.nextEvent();
                 if (!event.isStartElement()) {
@@ -134,9 +135,7 @@ public static Map<String, String> getElementValues(Path file, Set<String> elemen
                     }
                 }
             } 
-        } catch (FileNotFoundException e) {
-            LOGGER.severe("Unable to access file "+ file.toFile().getName());
-        } catch (XMLStreamException e) {
+        }  catch (XMLStreamException e) {
             LOGGER.severe("Error received trying to read XML file " + file.toFile().getName() + " : "+e.getMessage());
         } finally {
             if (reader != null) {