You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@camel.apache.org by da...@apache.org on 2022/12/19 09:00:30 UTC

[camel] 01/03: CAMEL-18825: Make XmlHelper more secure

This is an automated email from the ASF dual-hosted git repository.

davsclaus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git

commit 57e868ab5cb11693423c800b01eabe105f656c03
Author: Claus Ibsen <cl...@gmail.com>
AuthorDate: Mon Dec 19 09:42:28 2022 +0100

    CAMEL-18825: Make XmlHelper more secure
---
 .../src/main/java/org/apache/camel/maven/XmlHelper.java              | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tooling/maven/camel-eip-documentation-enricher-maven-plugin/src/main/java/org/apache/camel/maven/XmlHelper.java b/tooling/maven/camel-eip-documentation-enricher-maven-plugin/src/main/java/org/apache/camel/maven/XmlHelper.java
index 5def7578e21..f3bba7438e2 100644
--- a/tooling/maven/camel-eip-documentation-enricher-maven-plugin/src/main/java/org/apache/camel/maven/XmlHelper.java
+++ b/tooling/maven/camel-eip-documentation-enricher-maven-plugin/src/main/java/org/apache/camel/maven/XmlHelper.java
@@ -46,6 +46,11 @@ public final class XmlHelper {
         factory.setNamespaceAware(true);
         factory.setIgnoringElementContentWhitespace(true);
         factory.setIgnoringComments(true);
+        try {
+            // disable DOCTYPE declaration:
+            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+        } catch (ParserConfigurationException e) {
+        }
         try {
             // Set secure processing
             factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);