cid#1608302 XML external entity processing enabled

reformat to get it seen by scanner

Change-Id: I44ce2c6ecd24e81e3b146b7f8b42b51f7d426e90
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171731
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
This commit is contained in:
Caolán McNamara 2024-08-11 15:59:27 +01:00
parent 941c0614ff
commit 85acb1724e

View file

@ -64,18 +64,22 @@ public class XMLParserFactory {
public DefaultParser() { public DefaultParser() {
factory = DocumentBuilderFactory.newInstance(); factory = DocumentBuilderFactory.newInstance();
String[] featuresToDisable = {
"http://xml.org/sax/features/external-general-entities",
"http://xml.org/sax/features/external-parameter-entities",
"http://apache.org/xml/features/nonvalidating/load-external-dtd"
};
for (String feature : featuresToDisable) {
try { try {
factory.setFeature(feature, false); factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
} catch (ParserConfigurationException e) { } catch (ParserConfigurationException e) {
LogUtils.DEBUG(LogUtils.getTrace(e)); LogUtils.DEBUG(LogUtils.getTrace(e));
} }
try {
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
} catch (ParserConfigurationException e) {
LogUtils.DEBUG(LogUtils.getTrace(e));
}
try {
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
} catch (ParserConfigurationException e) {
LogUtils.DEBUG(LogUtils.getTrace(e));
} }
try { try {