This is an automated email from the ASF dual-hosted git repository.
brahma pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/branch-2.7 by this push:
new d9652e4611 Validate xml file to remediate vulnerablity. Contributed by
Bhavya Hoda <[email protected]>
d9652e4611 is described below
commit d9652e4611ea36208d5f748028b3a9cd980e6edb
Author: Brahma Reddy Battula <[email protected]>
AuthorDate: Mon Dec 25 13:11:46 2023 +0530
Validate xml file to remediate vulnerability. Contributed by Bhavya Hoda
<[email protected]>
---
.../src/main/java/org/apache/oozie/ambari/view/Utils.java | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git
a/contrib/views/wfmanager/src/main/java/org/apache/oozie/ambari/view/Utils.java
b/contrib/views/wfmanager/src/main/java/org/apache/oozie/ambari/view/Utils.java
index c0459c6a7d..89ea8d3c11 100644
---
a/contrib/views/wfmanager/src/main/java/org/apache/oozie/ambari/view/Utils.java
+++
b/contrib/views/wfmanager/src/main/java/org/apache/oozie/ambari/view/Utils.java
@@ -58,9 +58,20 @@ import org.xml.sax.SAXException;
public class Utils {
private static final String XML_INDENT_SPACES = "4";
private static final String XML_INDENT_AMT_PROP_NAME =
"{http://xml.apache.org/xslt}indent-amount";
+ private final String FEATURES_DISALLOW_DOCTYPE =
"http://apache.org/xml/features/disallow-doctype-decl";
private final static Logger LOGGER = LoggerFactory
.getLogger(Utils.class);
private final DocumentBuilderFactory dbf =
DocumentBuilderFactory.newInstance();
+ Utils() {
+ // Refer to
https://docs.oracle.com/javase/8/docs/api/javax/xml/parsers/DocumentBuilderFactory.html#setFeature-java.lang.String-boolean-
+ try{
+ dbf.setFeature(FEATURES_DISALLOW_DOCTYPE, true);
+ LOGGER.info("Setting feature disallow doctype to true");
+ } catch (ParserConfigurationException |
TransformerFactoryConfigurationError e) {
+ LOGGER.error("Error in formatting xml", e);
+ throw new RuntimeException(e);
+ }
+ }
public String formatXml(String xml) {
try {
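Review bot: The catch clause in the new `Utils()` constructor names `TransformerFactoryConfigurationError`, which `DocumentBuilderFactory.setFeature` is not declared to throw, and it logs "Error in formatting xml", so a failure to apply the hardening would be reported as a formatting problem. I would narrow it to `} catch (ParserConfigurationException e) {` and log `LOGGER.error("Could not enable disallow-doctype-decl on DocumentBuilderFactory", e);`, keeping the rethrow so the class still fails closed when the parser does not support the feature. `FEATURES_DISALLOW_DOCTYPE` is declared as an instance field; `private static final String` would match the neighbouring constants. The explicit constructor is package-private where the implicit one was public, so any callers outside `org.apache.oozie.ambari.view` would stop compiling. `formatXml` continues outside the hunk; if it or other methods build a `TransformerFactory` or a parser that does not come from `dbf`, those are presumably not covered by this change and need their own external-entity restrictions.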