Posted to dev@knox.apache.org by "Philip Zampino (Jira)" <ji...@apache.org> on 2021/08/26 15:21:00 UTC

[jira] [Created] (KNOX-2649) ServiceDefinitionUnmarshaller should disable support for external entities

Philip Zampino created KNOX-2649:
------------------------------------

             Summary: ServiceDefinitionUnmarshaller should disable support for external entities
                 Key: KNOX-2649
                 URL: https://issues.apache.org/jira/browse/KNOX-2649
             Project: Apache Knox
          Issue Type: Bug
          Components: Server
    Affects Versions: 1.5.0
            Reporter: Philip Zampino


org.apache.knox.gateway.service.admin.ServiceDefinitionUnmarshaller should disable support for external XML entities in the _readFrom_ method.

 
{code:java}
XMLInputFactory f = XMLInputFactory.newFactory();
f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
f.setProperty(XMLInputFactory.SUPPORT_DTD, false);
XMLStreamReader xsr = f.createXMLStreamReader(entityStream);
return (ServiceDefinitionPair) getUnmarshaller().unmarshal(xsr);
{code}
 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
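
The following is an added example, not code from the issue or from the Knox code base. It applies the two factory properties proposed above to a constructed document whose external entity points at a temporary marker file, and prints what each factory returns. The class name, the helper names `hardenedFactory` and `parse`, and the sample XML are assumptions made for the illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class ExternalEntityCheck {
    // Hypothetical helper: the same factory settings as the snippet in the issue.
    static XMLInputFactory hardenedFactory() {
        XMLInputFactory f = XMLInputFactory.newFactory();
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        f.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        return f;
    }

    // Hypothetical helper: collects all character data; a rejected document is reported, not propagated.
    static String parse(XMLInputFactory f, String xml) {
        StringBuilder text = new StringBuilder();
        InputStream entityStream = new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8));
        try {
            XMLStreamReader xsr = f.createXMLStreamReader(entityStream);
            while (xsr.hasNext()) {
                if (xsr.next() == XMLStreamReader.CHARACTERS) {
                    text.append(xsr.getText());
                }
            }
            xsr.close();
            return text.toString();
        } catch (XMLStreamException e) {
            return "<rejected: " + e.getClass().getSimpleName() + ">";
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a marker file and a document whose entity points at it.
        Path marker = Files.createTempFile("entity-marker", ".txt");
        Files.write(marker, "MARKER-FROM-LOCAL-FILE".getBytes(StandardCharsets.UTF_8));
        String withEntity = "<!DOCTYPE service [<!ENTITY ext SYSTEM \"" + marker.toUri()
                + "\">]><service><role>&ext;</role></service>";
        String plain = "<service><role>EXAMPLE</role></service>";
        System.out.println("default factory : " + parse(XMLInputFactory.newFactory(), withEntity));
        System.out.println("hardened, entity: " + parse(hardenedFactory(), withEntity));
        System.out.println("hardened, plain : " + parse(hardenedFactory(), plain));
        Files.delete(marker);
    }
}
```

The marker string must not appear on the "hardened, entity" line; whether the hardened parser rejects the document or only leaves the reference unresolved depends on the StAX implementation on the classpath.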