commit fa54ede568ac252870b5ab4ab00878d471659143
author Jorge Hernandez <jh1730@att.com> Fri Feb 23 19:48:14 2018 +0000
committer Gerrit Code Review <gerrit@onap.org> Fri Feb 23 19:48:14 2018 +0000
tree 768757c284333b7ccf4648bc80c4846b631a2a31
parent db22558f4ddb77c3b56f3750177a4111d4c353f6
parent d6c76c07e016ef7dd3bf26ea945f1a3c736de412

Merge "Fix Fortify Issue - External Entity Injection"

PolicyEngineUtils/src/main/java/org/onap/policy/utils/PolicyUtils.java

diff --git a/PolicyEngineUtils/src/main/java/org/onap/policy/utils/PolicyUtils.java b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/PolicyUtils.java
index 0f38232..e17ddc6 100644
--- a/PolicyEngineUtils/src/main/java/org/onap/policy/utils/PolicyUtils.java
+++ b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/PolicyUtils.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START=======================================================
  * PolicyEngineUtils
  * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -31,6 +31,7 @@
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.SAXParser;
 import javax.xml.parsers.SAXParserFactory;
 
@@ -284,7 +285,9 @@
         SAXParserFactory factory = SAXParserFactory.newInstance();
         factory.setValidating(false);
         factory.setNamespaceAware(true);
-        try {
+        
+        try {    
+			factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);		
             SAXParser parser = factory.newSAXParser();
             XMLReader reader = parser.getXMLReader();
             reader.setErrorHandler(new XMLErrorHandler());