Posted to dev@knox.apache.org by "Philip Zampino (Jira)" <ji...@apache.org> on 2021/08/26 15:21:00 UTC
[jira] [Created] (KNOX-2649) ServiceDefinitionUnmarshaller should disable support for external entities
Philip Zampino created KNOX-2649:
------------------------------------
Summary: ServiceDefinitionUnmarshaller should disable support for external entities
Key: KNOX-2649
URL: https://issues.apache.org/jira/browse/KNOX-2649
Project: Apache Knox
Issue Type: Bug
Components: Server
Affects Versions: 1.5.0
Reporter: Philip Zampino
org.apache.knox.gateway.service.admin.ServiceDefinitionUnmarshaller should disable support for external XML entities in the _readFrom_ method.
{code:java}
XMLInputFactory f = XMLInputFactory.newFactory();
// Do not resolve external entities referenced by the document
f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
// Disable DTD support altogether
f.setProperty(XMLInputFactory.SUPPORT_DTD, false);
// Unmarshal from the hardened StAX reader
XMLStreamReader xsr = f.createXMLStreamReader(entityStream);
return (ServiceDefinitionPair) getUnmarshaller().unmarshal(xsr);
{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
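
A regression check for the two factory settings proposed in the issue above, as an added example that is not part of the original message or of the Knox code base. The class name, the canary file and both sample documents are constructed for illustration; only the two setProperty calls come from the issue.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class StaxExternalEntityCheck {
    // The two settings proposed in the issue, applied to a fresh factory.
    static XMLInputFactory hardened() {
        XMLInputFactory f = XMLInputFactory.newFactory();
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        f.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        return f;
    }

    // Character data the parser produced, or null if it rejected the document.
    static String text(XMLInputFactory f, String xml) {
        StringBuilder sb = new StringBuilder();
        try {
            XMLStreamReader xsr = f.createXMLStreamReader(
                new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            while (xsr.hasNext()) {
                if (xsr.next() == XMLStreamConstants.CHARACTERS) sb.append(xsr.getText());
            }
            return sb.toString();
        } catch (XMLStreamException e) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed canary file and constructed documents (not real Knox service definitions).
        Path canary = Files.createTempFile("canary", ".txt");
        Files.write(canary, "CANARY-VALUE".getBytes(StandardCharsets.UTF_8));
        String plain = "<service><name>ok</name></service>";
        String withEntity = "<!DOCTYPE service [<!ENTITY ext SYSTEM \"" + canary.toUri()
            + "\">]><service><name>&ext;</name></service>";

        String out = text(hardened(), withEntity);
        boolean leaked = out != null && out.contains("CANARY-VALUE");
        System.out.println("hardened: external entity expanded = " + leaked);
        System.out.println("hardened: plain document text = " + text(hardened(), plain));
        Files.delete(canary);
        if (leaked) throw new AssertionError("external entity was resolved");
    }
}
```

The check passes whether the StAX implementation on the classpath rejects the document or parses it without expanding the entity, since either outcome keeps the canary content out of the parsed text.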