NMS-15699: Prevent external xml entity loading
fooker committed Jul 17, 2023
1 parent 6ccc5de commit 5a3b0b6
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions core/xml/src/main/java/org/opennms/core/xml/JaxbUtils.java
Expand Up @@ -305,9 +305,9 @@ public static <T> XMLFilter getXMLFilterForClass(final Class<T> clazz, boolean d
final XMLReader xmlReader = XMLReaderFactory.createXMLReader();
if (disableDOCTYPE) {
xmlReader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
xmlReader.setFeature("http://xml.org/sax/features/external-general-entities", false);
xmlReader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
}
xmlReader.setFeature("http://xml.org/sax/features/external-general-entities", false);
xmlReader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
xmlReader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);

filter.setParent(xmlReader);
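
Review bot: With the two `external-general-entities` / `external-parameter-entities` calls now placed after the `if (disableDOCTYPE)` block, a caller passing `disableDOCTYPE = false` still gets a reader that accepts a DOCTYPE, so internal entity definitions are parsed and only external loading is blocked. A short comment above the three unconditional `setFeature` calls should say so, so that nobody moves them back inside the condition. The `http://apache.org/xml/features/...` identifiers are Xerces-specific, and `XMLReaderFactory.createXMLReader()` returns whichever reader the runtime is configured with; on another implementation `setFeature` raises `SAXNotRecognizedException`, so it is worth confirming that the caller fails closed on that exception rather than swallowing it. A regression test that parses a document declaring an external entity with `disableDOCTYPE = false` and asserts that the entity is not resolved would pin the new behaviour.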
