From 0a6ef8daf7bfba026d8866826eee6bd7ac86786f Mon Sep 17 00:00:00 2001 From: Maninda Date: Thu, 5 Jan 2017 14:51:13 +0530 Subject: [PATCH] Added some security fixes for issues reported by FindBugs --- .../pom.xml | 1 + .../device/type/deployer/util/DeviceTypeConfigUtil.java | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/components/device-mgt-extensions/org.wso2.carbon.device.mgt.extensions.device.type.deployer/pom.xml b/components/device-mgt-extensions/org.wso2.carbon.device.mgt.extensions.device.type.deployer/pom.xml index df0314173c3..b50459eb15f 100644 --- a/components/device-mgt-extensions/org.wso2.carbon.device.mgt.extensions.device.type.deployer/pom.xml +++ b/components/device-mgt-extensions/org.wso2.carbon.device.mgt.extensions.device.type.deployer/pom.xml @@ -91,6 +91,7 @@ javax.naming, javax.sql, + javax.xml, javax.xml.bind, javax.xml.bind.annotation, javax.xml.parsers; version="${javax.xml.parsers.import.pkg.version}", diff --git a/components/device-mgt-extensions/org.wso2.carbon.device.mgt.extensions.device.type.deployer/src/main/java/org/wso2/carbon/device/mgt/extensions/device/type/deployer/util/DeviceTypeConfigUtil.java b/components/device-mgt-extensions/org.wso2.carbon.device.mgt.extensions.device.type.deployer/src/main/java/org/wso2/carbon/device/mgt/extensions/device/type/deployer/util/DeviceTypeConfigUtil.java index bdf3bd861e5..495a72b48d9 100644 --- a/components/device-mgt-extensions/org.wso2.carbon.device.mgt.extensions.device.type.deployer/src/main/java/org/wso2/carbon/device/mgt/extensions/device/type/deployer/util/DeviceTypeConfigUtil.java +++ b/components/device-mgt-extensions/org.wso2.carbon.device.mgt.extensions.device.type.deployer/src/main/java/org/wso2/carbon/device/mgt/extensions/device/type/deployer/util/DeviceTypeConfigUtil.java @@ -21,8 +21,10 @@ package org.wso2.carbon.device.mgt.extensions.device.type.deployer.util; import org.w3c.dom.Document; import org.wso2.carbon.device.mgt.extensions.device.type.deployer.config.exception.DeviceTypeConfigurationException; +import javax.xml.XMLConstants; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; import java.io.File; /** @@ -34,8 +36,12 @@ public class DeviceTypeConfigUtil { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true); try { + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); DocumentBuilder docBuilder = factory.newDocumentBuilder(); return docBuilder.parse(file); + } catch (ParserConfigurationException e) { + e.printStackTrace(); + return null; } catch (Exception e) { throw new DeviceTypeConfigurationException("Error occurred while parsing file, while converting " + "to a org.w3c.dom.Document", e);