You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by ac...@apache.org on 2023/05/23 08:31:07 UTC
[camel] 01/01: Make Sonar happy: XmlStreamDetector XMLInputFactory should not allow external entities
This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a commit to branch sonar-happy-happy
in repository https://gitbox.apache.org/repos/asf/camel.git
commit 19328cb57a7f96909de8da3a1731911bd8a50ab8
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Tue May 23 10:30:05 2023 +0200
Make Sonar happy: XmlStreamDetector XMLInputFactory should not allow external entities
Signed-off-by: Andrea Cosentino <an...@gmail.com>
---
.../src/main/java/org/apache/camel/xml/io/util/XmlStreamDetector.java | 1 +
1 file changed, 1 insertion(+)
diff --git a/core/camel-xml-io-util/src/main/java/org/apache/camel/xml/io/util/XmlStreamDetector.java b/core/camel-xml-io-util/src/main/java/org/apache/camel/xml/io/util/XmlStreamDetector.java
index 68775cf60eb..f795c11abdc 100644
--- a/core/camel-xml-io-util/src/main/java/org/apache/camel/xml/io/util/XmlStreamDetector.java
+++ b/core/camel-xml-io-util/src/main/java/org/apache/camel/xml/io/util/XmlStreamDetector.java
@@ -66,6 +66,7 @@ public class XmlStreamDetector {
try {
XMLInputFactory factory = XMLInputFactory.newInstance();
factory.setProperty(XMLInputFactory.IS_COALESCING, Boolean.TRUE);
+ factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
reader = factory.createXMLStreamReader(xmlStream);
} catch (XMLStreamException e) {
information.problem = e;