Posted to commits@camel.apache.org by ac...@apache.org on 2023/05/23 08:31:07 UTC

[camel] 01/01: Make Sonar happy: XmlStreamDetector XMLInputFactory should not allow external entities

This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch sonar-happy-happy
in repository https://gitbox.apache.org/repos/asf/camel.git

commit 19328cb57a7f96909de8da3a1731911bd8a50ab8
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Tue May 23 10:30:05 2023 +0200

    Make Sonar happy: XmlStreamDetector XMLInputFactory should not allow external entities
    
    Signed-off-by: Andrea Cosentino <an...@gmail.com>
---
 .../src/main/java/org/apache/camel/xml/io/util/XmlStreamDetector.java    | 1 +
 1 file changed, 1 insertion(+)

diff --git a/core/camel-xml-io-util/src/main/java/org/apache/camel/xml/io/util/XmlStreamDetector.java b/core/camel-xml-io-util/src/main/java/org/apache/camel/xml/io/util/XmlStreamDetector.java
index 68775cf60eb..f795c11abdc 100644
--- a/core/camel-xml-io-util/src/main/java/org/apache/camel/xml/io/util/XmlStreamDetector.java
+++ b/core/camel-xml-io-util/src/main/java/org/apache/camel/xml/io/util/XmlStreamDetector.java
@@ -66,6 +66,7 @@ public class XmlStreamDetector {
         try {
             XMLInputFactory factory = XMLInputFactory.newInstance();
             factory.setProperty(XMLInputFactory.IS_COALESCING, Boolean.TRUE);
+            factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
             reader = factory.createXMLStreamReader(xmlStream);
         } catch (XMLStreamException e) {
             information.problem = e;
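Review bot: The added line turns off external entity resolution, but `XMLInputFactory.SUPPORT_DTD` is left at its default, so a DOCTYPE in the prolog of `xmlStream` is still processed before the detector reaches the root element. Depending on which StAX implementation `XMLInputFactory.newInstance()` picks up, that can still allow internal entity expansion or loading an external DTD subset. If the detector does not need DTDs, I would add `factory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);` next to the new line, and test a document that carries a DOCTYPE, because implementations differ in whether they skip or reject it. A short comment such as `// untrusted input: no DTDs, no external entities (XXE)` would record why these properties are set beyond satisfying Sonar. The enclosing method starts and ends outside this hunk, so I cannot see whether the input is restricted elsewhere.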