Skip to content

Commit

Permalink
NO-ISSUE: Fix load external schemas vulnerability
Browse files Browse the repository at this point in the history 
The sonar reports https://rules.sonarsource.com/java/RSPEC-6374/ vulnerability for `jbpm/jbpm-flow-builder/src/main/java/org/jbpm/compiler/xml/core/ExtensibleXmlParser.java`
  • Loading branch information
@jomarko
jomarko committed Aug 29, 2023
1 parent 0674e2e commit 25fdc3c
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions jbpm/jbpm-flow-builder/src/main/java/org/jbpm/compiler/xml/core/ExtensibleXmlParser.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -265,6 +265,7 @@ public Object read(final InputSource in) throws SAXException,
try {
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);

} catch (ParserConfigurationException e) {
logger.warn("Unable to set parser features due to {}", e.getMessage());
Expand Down

0 comments on commit 25fdc3c

Please sign in to comment.