You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@maven.apache.org by sl...@apache.org on 2021/01/12 22:41:09 UTC
[maven-help-plugin] 02/08: Sonar: Disable access to external
entities in XML parsing
This is an automated email from the ASF dual-hosted git repository.
slachiewicz pushed a commit to branch refactor-test
in repository https://gitbox.apache.org/repos/asf/maven-help-plugin.git
commit 2141ad02a785abd3e54feb1ba0ce5de98992cc13
Author: Sylwester Lachiewicz <sl...@apache.org>
AuthorDate: Mon Jan 11 23:14:07 2021 +0100
Sonar: Disable access to external entities in XML parsing
---
.../java/org/apache/maven/plugins/help/AbstractEffectiveMojo.java | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/apache/maven/plugins/help/AbstractEffectiveMojo.java b/src/main/java/org/apache/maven/plugins/help/AbstractEffectiveMojo.java
index f1232ac..96ed683 100644
--- a/src/main/java/org/apache/maven/plugins/help/AbstractEffectiveMojo.java
+++ b/src/main/java/org/apache/maven/plugins/help/AbstractEffectiveMojo.java
@@ -40,6 +40,8 @@ import org.jdom2.input.SAXBuilder;
import org.jdom2.output.Format;
import org.jdom2.output.XMLOutputter;
+import javax.xml.XMLConstants;
+
/**
* Base class with common utilities to write effective Pom/settings.
*
@@ -111,7 +113,8 @@ public abstract class AbstractEffectiveMojo
protected static String prettyFormat( String effectiveModel, String encoding, boolean omitDeclaration )
{
SAXBuilder builder = new SAXBuilder();
-
+ builder.setProperty( XMLConstants.ACCESS_EXTERNAL_DTD, "" );
+ builder.setProperty( XMLConstants.ACCESS_EXTERNAL_SCHEMA, "" );
try
{
Document effectiveDocument = builder.build( new StringReader( effectiveModel ) );