Added some security fixes for issues reported by FindBugs

4.x.x
Maninda 8 years ago
parent 00a5a07373
commit 0a6ef8daf7

@ -91,6 +91,7 @@
<Import-Package> <Import-Package>
javax.naming, javax.naming,
javax.sql, javax.sql,
javax.xml,
javax.xml.bind, javax.xml.bind,
javax.xml.bind.annotation, javax.xml.bind.annotation,
javax.xml.parsers; version="${javax.xml.parsers.import.pkg.version}", javax.xml.parsers; version="${javax.xml.parsers.import.pkg.version}",

@ -21,8 +21,10 @@ package org.wso2.carbon.device.mgt.extensions.device.type.deployer.util;
import org.w3c.dom.Document; import org.w3c.dom.Document;
import org.wso2.carbon.device.mgt.extensions.device.type.deployer.config.exception.DeviceTypeConfigurationException; import org.wso2.carbon.device.mgt.extensions.device.type.deployer.config.exception.DeviceTypeConfigurationException;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import java.io.File; import java.io.File;
/** /**
@ -34,8 +36,12 @@ public class DeviceTypeConfigUtil {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setNamespaceAware(true); factory.setNamespaceAware(true);
try { try {
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
DocumentBuilder docBuilder = factory.newDocumentBuilder(); DocumentBuilder docBuilder = factory.newDocumentBuilder();
return docBuilder.parse(file); return docBuilder.parse(file);
} catch (ParserConfigurationException e) {
e.printStackTrace();
return null;
} catch (Exception e) { } catch (Exception e) {
throw new DeviceTypeConfigurationException("Error occurred while parsing file, while converting " + throw new DeviceTypeConfigurationException("Error occurred while parsing file, while converting " +
"to a org.w3c.dom.Document", e); "to a org.w3c.dom.Document", e);

Loading…
Cancel
Save