Fix code scanning alert no. 6: Resolving XML external entity in user-controlled data

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
hazendaz and github-advanced-security[bot] authored Sep 26, 2024
1 parent 45953df commit 1559f3a
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion src/main/java/org/apache/ibatis/parsing/XPathParser.java
Expand Up @@ -231,13 +231,16 @@ private Document createDocument(InputSource inputSource) {
try {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
factory.setValidating(validation);

factory.setNamespaceAware(false);
factory.setIgnoringComments(true);
factory.setIgnoringElementContentWhitespace(false);
factory.setCoalescing(false);
factory.setExpandEntityReferences(true);
factory.setExpandEntityReferences(false);

DocumentBuilder builder = factory.newDocumentBuilder();
builder.setEntityResolver(entityResolver);
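Review bot: setting "http://apache.org/xml/features/disallow-doctype-decl" to true at the top of createDocument conflicts with the unchanged factory.setValidating(validation) and builder.setEntityResolver(entityResolver) lines in the same method. With that feature on, the parser rejects any input that contains a DOCTYPE declaration, so DTD validation can never succeed and the entity resolver is never consulted. If callers are expected to pass documents that declare a DTD, drop the disallow-doctype-decl line and rely on the two external-entity features plus the existing resolver to keep resolution local; if DOCTYPEs really are to be forbidden, the validation flag and resolver become dead code and should be removed in the same change. Separately, switching setExpandEntityReferences from true to false leaves entity reference nodes in the DOM instead of their expanded text, which can change what downstream code reads from text nodes. Neither behaviour change is covered by a test in this commit; please add one that parses a document with a DOCTYPE and an internal entity.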