PJ Fanning created CALCITE-5274:
-----------------------------------
Summary: prevent XXE possibilities in DiffRepository (calcite
testkit)
Key: CALCITE-5274
URL: https://issues.apache.org/jira/browse/CALCITE-5274
Project: Calcite
Issue Type: Improvement
Components: extensions
Reporter: PJ Fanning
[https://github.com/apache/calcite/pull/2892#discussion_r964468020]
DocumentBuilderFactory use in DiffRepository needs changes like those in
[https://github.com/apache/calcite/pull/2892|https://github.com/apache/calcite/pull/2892#discussion_r964468020]
There is also an issue with `this.doc =
docBuilder.parse(refFile.openStream());` - the `refFile.openStream()` gives an
InputStream that should be closed - a try-with-resources pattern would make sense.