Migrate common module to Aluminium Step 2
[transportpce.git] / common / src / main / java / org / opendaylight / transportpce / common / converter / XMLDataObjectConverter.java
index 5afbb407571ee08efe25fd5671a10667c375234f..1e18cd8aebee1d4c413fb62a86c022af8dfc831c 100644 (file)
@@ -17,7 +17,6 @@ import java.util.Optional;
 import javax.annotation.Nonnull;
 import javax.xml.XMLConstants;
 import javax.xml.parsers.FactoryConfigurationError;
-import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.stream.XMLInputFactory;
 import javax.xml.stream.XMLOutputFactory;
 import javax.xml.stream.XMLStreamException;
@@ -33,10 +32,11 @@ import org.opendaylight.yangtools.yang.data.api.schema.NormalizedNode;
 import org.opendaylight.yangtools.yang.data.api.schema.stream.NormalizedNodeStreamWriter;
 import org.opendaylight.yangtools.yang.data.api.schema.stream.NormalizedNodeWriter;
 import org.opendaylight.yangtools.yang.data.codec.xml.XMLStreamNormalizedNodeStreamWriter;
+import org.opendaylight.yangtools.yang.data.codec.xml.XmlCodecFactory;
 import org.opendaylight.yangtools.yang.data.codec.xml.XmlParserStream;
 import org.opendaylight.yangtools.yang.data.impl.schema.ImmutableNormalizedNodeStreamWriter;
 import org.opendaylight.yangtools.yang.data.impl.schema.NormalizedNodeResult;
-import org.opendaylight.yangtools.yang.model.api.SchemaContext;
+import org.opendaylight.yangtools.yang.model.api.EffectiveModelContext;
 import org.opendaylight.yangtools.yang.model.api.SchemaNode;
 import org.opendaylight.yangtools.yang.model.api.SchemaPath;
 import org.slf4j.Logger;
@@ -56,9 +56,12 @@ public final class XMLDataObjectConverter extends AbstractDataObjectConverter {
      * @param codecRegistry codec registry used for converting
      *
      */
-    private XMLDataObjectConverter(SchemaContext schemaContext, BindingNormalizedNodeSerializer codecRegistry) {
+    private XMLDataObjectConverter(EffectiveModelContext schemaContext, BindingNormalizedNodeSerializer codecRegistry) {
         super(schemaContext, codecRegistry);
         this.xmlInputFactory = XMLInputFactory.newInstance();
+        // set external DTD and schema to null to avoid vulnerability (sonar report)
+        this.xmlInputFactory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+        this.xmlInputFactory.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
     }
 
     /**
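Review bot: The two `setProperty` calls added in the constructor rely on the JAXP 1.5 access properties, but `XMLInputFactory.newInstance()` returns whichever StAX implementation is found at runtime, and one that does not recognise those names will reject them with `IllegalArgumentException` instead of applying them. The properties the StAX specification requires every implementation to support are worth setting as well: `this.xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false);` and `this.xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);`, assuming no converted payload is expected to carry a DOCTYPE. The added comment says the values are set to null while the code passes an empty string; `// deny all external DTD and schema access (empty protocol list) to prevent XXE` would match what the code does.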
@@ -80,7 +83,7 @@ public final class XMLDataObjectConverter extends AbstractDataObjectConverter {
      * @param codecRegistry codec registry used for converting
      * @return new {@link XMLDataObjectConverter}
      */
-    public static XMLDataObjectConverter createWithSchemaContext(@Nonnull SchemaContext schemaContext,
+    public static XMLDataObjectConverter createWithSchemaContext(@Nonnull EffectiveModelContext schemaContext,
             @Nonnull BindingNormalizedNodeSerializer codecRegistry) {
         return new XMLDataObjectConverter(schemaContext, codecRegistry);
     }
@@ -98,7 +101,7 @@ public final class XMLDataObjectConverter extends AbstractDataObjectConverter {
             XMLStreamReader reader = this.xmlInputFactory.createXMLStreamReader(inputStream);
             return parseInputXML(reader);
         } catch (XMLStreamException e) {
-            LOG.warn(e.getMessage(), e);
+            LOG.warn("XMLStreamException: {}", e.getMessage());
             return Optional.empty();
         }
     }
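Review bot: The rewritten `LOG.warn` in this catch block no longer passes the exception itself, so the stack trace and any nested cause of the `XMLStreamException` are lost; the identical changes in the two following hunks have the same effect. The `parseInputXML` catch in this same commit keeps the throwable, and doing so here would be consistent: `LOG.warn("Failed to create XML stream reader", e);`. If the trace was dropped on purpose to cut log noise from malformed input, a one-line comment saying so would help the next reader. The enclosing method starts above the hunk, so its signature is not visible here.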
@@ -109,7 +112,7 @@ public final class XMLDataObjectConverter extends AbstractDataObjectConverter {
             XMLStreamReader reader = this.xmlInputFactory.createXMLStreamReader(inputReader);
             return parseInputXML(reader, parentSchema);
         } catch (XMLStreamException e) {
-            LOG.warn(e.getMessage(), e);
+            LOG.warn("XMLStreamException: {}", e.getMessage());
             return Optional.empty();
         }
     }
@@ -127,7 +130,7 @@ public final class XMLDataObjectConverter extends AbstractDataObjectConverter {
             XMLStreamReader reader = this.xmlInputFactory.createXMLStreamReader(inputReader);
             return parseInputXML(reader);
         } catch (XMLStreamException e) {
-            LOG.warn(e.getMessage(), e);
+            LOG.warn("XMLStreamException: {}", e.getMessage());
             return Optional.empty();
         }
     }
@@ -190,11 +193,11 @@ public final class XMLDataObjectConverter extends AbstractDataObjectConverter {
             XMLStreamReader reader, SchemaNode parentSchemaNode) {
         NormalizedNodeResult result = new NormalizedNodeResult();
         try (NormalizedNodeStreamWriter streamWriter = ImmutableNormalizedNodeStreamWriter.from(result);
-             XmlParserStream xmlParser = XmlParserStream.create(streamWriter, getSchemaContext(), parentSchemaNode)) {
+             XmlParserStream xmlParser = XmlParserStream
+                     .create(streamWriter, XmlCodecFactory.create(getSchemaContext()), parentSchemaNode)) {
             xmlParser.parse(reader);
-        } catch (XMLStreamException | URISyntaxException | IOException | ParserConfigurationException
-                | SAXException e) {
-            LOG.warn("An error {} occured during parsing XML input stream", e.getMessage(), e);
+        } catch (XMLStreamException | URISyntaxException | IOException | SAXException e) {
+            LOG.warn("An error occured during parsing XML input stream", e);
             return Optional.empty();
         }
         return Optional.ofNullable(result.getResult());
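Review bot: `XmlCodecFactory.create(getSchemaContext())` now sits inside the try-with-resources header, so a new codec factory is built on every `parseInputXML` call. If the schema context is fixed for the lifetime of the converter, which the constructor seems to imply, the factory could be created once there and held in a `private final XmlCodecFactory` field, so that anything it caches is reused across parses. The log string also still reads `occured`; `occurred` is the correct spelling. The method's signature start and closing brace lie outside the hunk.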
@@ -233,7 +236,7 @@ public final class XMLDataObjectConverter extends AbstractDataObjectConverter {
             factory.setProperty(XMLOutputFactory.IS_REPAIRING_NAMESPACES, true);
             xmlStreamWriter = factory.createXMLStreamWriter(backingWriter);
         } catch (XMLStreamException | FactoryConfigurationError e) {
-            LOG.error("Error [{}] while creating XML writer", e.getMessage(), e);
+            LOG.error("Error while creating XML writer: ", e);
             throw new IllegalStateException(e);
         }
         return xmlStreamWriter;
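Review bot: The new message in the `LOG.error` call ends with a dangling `: ` because the exception is passed as the throwable and not as a format argument; `LOG.error("Error while creating XML writer", e);` reads cleaner. The exception is also logged and then rethrown wrapped in `IllegalStateException`, so the same failure is likely to be reported twice if the caller logs it too. The method begins above the hunk.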