This is an automated email from the ASF dual-hosted git repository.

jialiang pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git

commit e278b33d72141776dfc48d9e2466ce2961745b71
Author: Brahma Reddy Battula <[email protected]>
AuthorDate: Mon Dec 25 13:11:46 2023 +0530

    Validate xml file to remediate vulnerability. Contributed by Bhavya Hoda
<[email protected]>
    
    (cherry picked from commit d9652e4611ea36208d5f748028b3a9cd980e6edb)
---
 .../src/main/java/org/apache/oozie/ambari/view/Utils.java     | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git 
a/contrib/views/wfmanager/src/main/java/org/apache/oozie/ambari/view/Utils.java 
b/contrib/views/wfmanager/src/main/java/org/apache/oozie/ambari/view/Utils.java
index c0459c6a7d..89ea8d3c11 100644
--- 
a/contrib/views/wfmanager/src/main/java/org/apache/oozie/ambari/view/Utils.java
+++ 
b/contrib/views/wfmanager/src/main/java/org/apache/oozie/ambari/view/Utils.java
@@ -58,9 +58,20 @@ import org.xml.sax.SAXException;
 public class Utils {
        private static final String XML_INDENT_SPACES = "4";
        private static final String XML_INDENT_AMT_PROP_NAME = 
"{http://xml.apache.org/xslt}indent-amount";;
+       private final String FEATURES_DISALLOW_DOCTYPE = 
"http://apache.org/xml/features/disallow-doctype-decl";;
        private final static Logger LOGGER = LoggerFactory
                        .getLogger(Utils.class);
        private final DocumentBuilderFactory dbf = 
DocumentBuilderFactory.newInstance();
+       Utils() {
+               // Refer to 
https://docs.oracle.com/javase/8/docs/api/javax/xml/parsers/DocumentBuilderFactory.html#setFeature-java.lang.String-boolean-
+               try{
+                       dbf.setFeature(FEATURES_DISALLOW_DOCTYPE, true);
+                       LOGGER.info("Setting feature disallow doctype to true");
+               } catch (ParserConfigurationException | 
TransformerFactoryConfigurationError e) {
+                       LOGGER.error("Error in formatting xml", e);
+                       throw new RuntimeException(e);
+               }
+       }
        public String formatXml(String xml) {
 
                try {
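Review bot: The catch in the new `Utils()` constructor lists `TransformerFactoryConfigurationError`, which `DocumentBuilderFactory.setFeature` does not throw, and logs "Error in formatting xml" although the failure is in parser hardening. `catch (ParserConfigurationException e)` with a message such as `"Cannot enable disallow-doctype-decl on DocumentBuilderFactory"` would be accurate, and the rethrow should stay so that a parser which cannot be hardened is never used. The constructor is package-private where the class previously had the implicit public one, so a caller outside `org.apache.oozie.ambari.view` doing `new Utils()` would no longer compile; `public Utils() {` keeps the old interface, and `FEATURES_DISALLOW_DOCTYPE` could be `private static final` like the constants beside it. Only `dbf` is hardened here. The body of `formatXml` lies outside the hunk, so if it creates a `TransformerFactory` or another parser, that one presumably still needs `XMLConstants.FEATURE_SECURE_PROCESSING` and empty `XMLConstants.ACCESS_EXTERNAL_DTD` / `ACCESS_EXTERNAL_STYLESHEET` attributes; this should be confirmed against the full file.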

