JIRA: TRNSPRTPCE-193
Signed-off-by: guillaume.lambert <guillaume.lambert@orange.com>
Change-Id: Ifce9b71e5c9233145188107586428039f38b1c16
private XMLDataObjectConverter(SchemaContext schemaContext, BindingNormalizedNodeSerializer codecRegistry) {
super(schemaContext, codecRegistry);
this.xmlInputFactory = XMLInputFactory.newInstance();
+ // set external DTD and schema to null to avoid vulnerability (sonar report)
+ this.xmlInputFactory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ this.xmlInputFactory.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
}
/**