Skip to content

Commit

Permalink
Issue #6133: Disable XML External Entity load in XmlUtil.java in tests
Browse files Browse the repository at this point in the history
  • Loading branch information
@romani @rnveach
romani authored and rnveach committed Mar 16, 2019
1 parent e7d4471 commit 7e2b7f5
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/main/java/com/puppycrawl/tools/checkstyle/XmlLoader.java
View file
Expand Up @@ -119,10 +119,10 @@ public static final class LoadExternalDtdFeatureProvider {
public static final String ENABLE_EXTERNAL_DTD_LOAD = "checkstyle.enableExternalDtdLoad";

/** Feature that enables loading external DTD when loading XML files. */
private static final String LOAD_EXTERNAL_DTD =
public static final String LOAD_EXTERNAL_DTD =
"http://apache.org/xml/features/nonvalidating/load-external-dtd";
/** Feature that enables including external general entities in XML files. */
private static final String EXTERNAL_GENERAL_ENTITIES =
public static final String EXTERNAL_GENERAL_ENTITIES =
"http://xml.org/sax/features/external-general-entities";

/** Stop instances being created. **/
Expand Down
6 changes: 6 additions & 0 deletions src/test/java/com/puppycrawl/tools/checkstyle/internal/utils/XmlUtil.java
View file
Expand Up @@ -34,6 +34,8 @@
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

import com.puppycrawl.tools.checkstyle.XmlLoader;

/**
* XmlUtil.
* @noinspection ClassOnlyUsedInOnePackage
Expand All @@ -49,6 +51,10 @@ public static Document getRawXml(String fileName, String code, String unserializ
try {
final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setValidating(false);
factory.setFeature(
XmlLoader.LoadExternalDtdFeatureProvider.EXTERNAL_GENERAL_ENTITIES, false);
factory.setFeature(
XmlLoader.LoadExternalDtdFeatureProvider.LOAD_EXTERNAL_DTD, false);

final DocumentBuilder builder = factory.newDocumentBuilder();

Expand Down

0 comments on commit 7e2b7f5

Please sign in to comment.