Posted to commits@camel.apache.org by da...@apache.org on 2023/10/26 07:42:16 UTC

[camel-spring-boot] branch main updated: Set features to DocumentBuilderFactory to protect from XXE; fix for SAST (#989)

This is an automated email from the ASF dual-hosted git repository.

davsclaus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-spring-boot.git


The following commit(s) were added to refs/heads/main by this push:
     new e3c05c79933 Set features to DocumentBuilderFactory to protect from XXE; fix for SAST (#989)
e3c05c79933 is described below

commit e3c05c799332bdd23c3a2caeac85b1b306479f36
Author: Tom Cunningham <tc...@redhat.com>
AuthorDate: Thu Oct 26 03:42:11 2023 -0400

    Set features to DocumentBuilderFactory to protect from XXE; fix for SAST (#989)
---
 .../org/apache/camel/itest/springboot/util/DependencyResolver.java     | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tests/camel-itest-spring-boot/src/test/java/org/apache/camel/itest/springboot/util/DependencyResolver.java b/tests/camel-itest-spring-boot/src/test/java/org/apache/camel/itest/springboot/util/DependencyResolver.java
index 2b0cbe6e80a..5b9566d22ec 100644
--- a/tests/camel-itest-spring-boot/src/test/java/org/apache/camel/itest/springboot/util/DependencyResolver.java
+++ b/tests/camel-itest-spring-boot/src/test/java/org/apache/camel/itest/springboot/util/DependencyResolver.java
@@ -151,6 +151,9 @@ public final class DependencyResolver {
     }
 
     private static String xpath(File pom, String expression) throws Exception {
+        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl",true);
+        factory.setFeature("http://xml.org/sax/features/external-general-entities",false);
+        factory.setFeature("http://xml.org/sax/features/external-parameter-entities",false);
         DocumentBuilder builder = factory.newDocumentBuilder();
         Document doc = builder.parse(pom);
         XPath xpath = xPathfactory.newXPath();
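Review bot: The three added setFeature calls leave the factory's XInclude and entity-expansion settings at their defaults, so the hardening is incomplete compared with the usual DocumentBuilderFactory checklist; adding `factory.setXIncludeAware(false);` and `factory.setExpandEntityReferences(false);` next to them (optionally `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);`) would close that gap. With disallow-doctype-decl set to true the two external-entity features are redundant but harmless, which is worth a one-line comment so nobody later removes the first one thinking the other two suffice. The features are applied on every call to xpath() to a `factory` declared outside the hunk, which looks like a shared static field; if so, configuring it once at declaration time would be cleaner than re-setting it per parse, and the missing spaces after the commas (`,true`, `,false`) should be fixed for consistency with the surrounding code. The body of xpath() continues past the end of the hunk.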