fix sonarqube warning about xxe processing

2026-01-30 19:29:11 +01:00 · 2019-11-28 10:45:57 +01:00
parent bfcc9bf4a6
commit 312fb9bb05
1 changed files with 3 additions and 1 deletions
--- a/scm-dao-xml/src/main/java/sonia/scm/xml/XmlStreams.java
+++ b/scm-dao-xml/src/main/java/sonia/scm/xml/XmlStreams.java
@@ -52,7 +52,9 @@ public final class XmlStreams {
  }

  private static XMLStreamReader createReader(Reader reader) throws XMLStreamException {
-    return XMLInputFactory.newInstance().createXMLStreamReader(reader);
+    XMLInputFactory factory = XMLInputFactory.newInstance();
+    factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
+    return factory.createXMLStreamReader(reader);
  }