From 25fdc3c88115716f44a01cbd943e87c400821a75 Mon Sep 17 00:00:00 2001
From: jomarko
Date: Tue, 29 Aug 2023 11:40:02 +0200
Subject: [PATCH] NO-ISSUE: Fix load external schemas vulnerability

The sonar reports https://rules.sonarsource.com/java/RSPEC-6374/ vulnerability for `jbpm/jbpm-flow-builder/src/main/java/org/jbpm/compiler/xml/core/ExtensibleXmlParser.java`
---
 .../java/org/jbpm/compiler/xml/core/ExtensibleXmlParser.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/jbpm/jbpm-flow-builder/src/main/java/org/jbpm/compiler/xml/core/ExtensibleXmlParser.java b/jbpm/jbpm-flow-builder/src/main/java/org/jbpm/compiler/xml/core/ExtensibleXmlParser.java
index 01401a1ccc6..dd8b7c708f5 100644
--- a/jbpm/jbpm-flow-builder/src/main/java/org/jbpm/compiler/xml/core/ExtensibleXmlParser.java
+++ b/jbpm/jbpm-flow-builder/src/main/java/org/jbpm/compiler/xml/core/ExtensibleXmlParser.java
@@ -265,6 +265,7 @@ public Object read(final InputSource in) throws SAXException,
 try {
 factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
 factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+ factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
 } catch (ParserConfigurationException e) {
 logger.warn("Unable to set parser features due to {}", e.getMessage());