Added some security fixes for issues reported by FindBugs

4.x.x
Maninda 8 years ago
parent 00a5a07373
commit 0a6ef8daf7

@ -91,6 +91,7 @@
<Import-Package>
javax.naming,
javax.sql,
javax.xml,
javax.xml.bind,
javax.xml.bind.annotation,
javax.xml.parsers; version="${javax.xml.parsers.import.pkg.version}",

@ -21,8 +21,10 @@ package org.wso2.carbon.device.mgt.extensions.device.type.deployer.util;
import org.w3c.dom.Document;
import org.wso2.carbon.device.mgt.extensions.device.type.deployer.config.exception.DeviceTypeConfigurationException;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import java.io.File;
/**
@ -34,8 +36,12 @@ public class DeviceTypeConfigUtil {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setNamespaceAware(true);
try {
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
DocumentBuilder docBuilder = factory.newDocumentBuilder();
return docBuilder.parse(file);
} catch (ParserConfigurationException e) {
e.printStackTrace();
return null;
} catch (Exception e) {
throw new DeviceTypeConfigurationException("Error occurred while parsing file, while converting " +
"to a org.w3c.dom.Document", e);

Loading…
Cancel
Save