
Commit ab3ce05

committed
fix xxe vulnerability
1 parent 24ab432 commit ab3ce05

2 files changed

Lines changed: 4 additions & 2 deletions


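--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@ output.xml
 .project
 .settings
 .DS_Store
+.dccache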

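--- a/src/main/java/io/codeclou/java/junit/xml/merger/JunitXmlParser.java
+++ b/src/main/java/io/codeclou/java/junit/xml/merger/JunitXmlParser.java
@@ -52,8 +52,9 @@ public class JunitXmlParser {
 private Boolean hasFileNotFoundErrors = false;
 
 protected TestSuite parseTestSuite(File filename) throws ParserConfigurationException, SAXException, IOException {
-DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-DocumentBuilder builder = factory.newDocumentBuilder();
+DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+DocumentBuilder builder = dbf.newDocumentBuilder();
 Document document = builder.parse(filename);
 return transform(document.getFirstChild());
 }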
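Review bot: The new `setFeature` call in `parseTestSuite` is the only hardening applied to the factory, so protection rests on a single Xerces-specific feature URI written as a bare string literal, with no comment explaining why it is there. I would add a comment such as `// XXE hardening: reject any DOCTYPE so no DTD or external entity is ever processed`, and for defence in depth also call `dbf.setXIncludeAware(false);` and `dbf.setExpandEntityReferences(false);` before `newDocumentBuilder()`. A report that contains a DOCTYPE now fails with a `SAXException`, and a JAXP implementation that does not recognise the feature throws `ParserConfigurationException`. Both are declared on the method, but its callers are outside this hunk, so it is worth confirming they report the file as unparsable rather than aborting the whole merge. A regression test that feeds a DOCTYPE-bearing file and expects the exception would pin the fix.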
