You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@camel.apache.org by "cunningt (via GitHub)" <gi...@apache.org> on 2023/10/25 19:22:57 UTC

[PR] Set features to DocumentBuilderFactory to protect from XXE; fix for SAST [camel-spring-boot]

cunningt opened a new pull request, #989:
URL: https://github.com/apache/camel-spring-boot/pull/989

   Set features to DocumentBuilderFactory to protect from XXE; fix for SAST


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [PR] Set features to DocumentBuilderFactory to protect from XXE; fix for SAST [camel-spring-boot]

Posted by "davsclaus (via GitHub)" <gi...@apache.org>.

davsclaus merged PR #989:
URL: https://github.com/apache/camel-spring-boot/pull/989


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [PR] Set features to DocumentBuilderFactory to protect from XXE; fix for SAST [camel-spring-boot]

Posted by "davsclaus (via GitHub)" <gi...@apache.org>.

davsclaus commented on code in PR #989:
URL: https://github.com/apache/camel-spring-boot/pull/989#discussion_r1372246340


##########
tests/camel-itest-spring-boot/src/test/java/org/apache/camel/itest/springboot/util/DependencyResolver.java:
##########
@@ -151,6 +151,9 @@ private static String getParentVersion(File pom) throws Exception {
     }
 
     private static String xpath(File pom, String expression) throws Exception {
+        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl",true);

Review Comment:
   space after comma is the code style we use



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org