Posted to commits@maven.apache.org by sl...@apache.org on 2021/01/12 22:41:09 UTC

[maven-help-plugin] 02/08: Sonar: Disable access to external entities in XML parsing

This is an automated email from the ASF dual-hosted git repository.

slachiewicz pushed a commit to branch refactor-test
in repository https://gitbox.apache.org/repos/asf/maven-help-plugin.git

commit 2141ad02a785abd3e54feb1ba0ce5de98992cc13
Author: Sylwester Lachiewicz <sl...@apache.org>
AuthorDate: Mon Jan 11 23:14:07 2021 +0100

    Sonar: Disable access to external entities in XML parsing
---
 .../java/org/apache/maven/plugins/help/AbstractEffectiveMojo.java    | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/apache/maven/plugins/help/AbstractEffectiveMojo.java b/src/main/java/org/apache/maven/plugins/help/AbstractEffectiveMojo.java
index f1232ac..96ed683 100644
--- a/src/main/java/org/apache/maven/plugins/help/AbstractEffectiveMojo.java
+++ b/src/main/java/org/apache/maven/plugins/help/AbstractEffectiveMojo.java
@@ -40,6 +40,8 @@ import org.jdom2.input.SAXBuilder;
 import org.jdom2.output.Format;
 import org.jdom2.output.XMLOutputter;
 
+import javax.xml.XMLConstants;
+
 /**
  * Base class with common utilities to write effective Pom/settings.
  *
@@ -111,7 +113,8 @@ public abstract class AbstractEffectiveMojo
     protected static String prettyFormat( String effectiveModel, String encoding, boolean omitDeclaration )
     {
         SAXBuilder builder = new SAXBuilder();
-
+        builder.setProperty( XMLConstants.ACCESS_EXTERNAL_DTD, "" );
+        builder.setProperty( XMLConstants.ACCESS_EXTERNAL_SCHEMA, "" );
         try
         {
             Document effectiveDocument = builder.build( new StringReader( effectiveModel ) );
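Review bot: A DOCTYPE with an internal subset is still accepted by the builder configured in `prettyFormat`, because the two added `setProperty` calls only restrict external DTD and schema access; entity expansion inside `effectiveModel` then stays bounded only by the JDK's built-in limits. If the effective POM/settings text is never expected to carry a DOCTYPE (it looks generated, but that is not visible here), rejecting it outright is the tighter setting: `builder.setFeature( "http://apache.org/xml/features/disallow-doctype-decl", true );`. Both property names come from JAXP 1.5, and a parser that does not recognise them will most likely be reported by JDOM only when `build()` runs inside the `try`; the catch clause is outside this hunk, so confirm that such a failure is surfaced rather than silently falling back to unformatted output. A short comment such as `// empty string = no protocols allowed for external DTD/schema access` would also make the intent of the `""` values clear.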