Philip Zampino created KNOX-2649:
------------------------------------
Summary: ServiceDefinitionUnmarshaller should disable support for external entities
Key: KNOX-2649
URL: https://issues.apache.org/jira/browse/KNOX-2649
Project: Apache Knox
Issue Type: Bug
Components: Server
Affects Versions: 1.5.0
Reporter: Philip Zampino
org.apache.knox.gateway.service.admin.ServiceDefinitionUnmarshaller should
disable support for external XML entities in the _readFrom_ method.
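{code:java}
XMLInputFactory f = XMLInputFactory.newFactory();
// Do not resolve external entities (SYSTEM/PUBLIC identifiers) referenced by the document.
f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
// Disable DTD support, so entity declarations in a DOCTYPE are not honoured.
f.setProperty(XMLInputFactory.SUPPORT_DTD, false);
// Unmarshal from the hardened StAX reader instead of the raw entity stream.
XMLStreamReader xsr = f.createXMLStreamReader(entityStream);
return (ServiceDefinitionPair) getUnmarshaller().unmarshal(xsr);
{code}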
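A regression check for the factory settings proposed above, added here as an example; it is not part of the original issue or of Knox's code. It assumes Java 11+ and reads text through StAX directly instead of a JAXB unmarshaller; the class name, marker value, and sample document are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class XxeHardeningCheck {
    static final String MARKER = "CONSTRUCTED-MARKER-0001"; // constructed test value

    // Same factory settings as the fix proposed in the issue.
    static XMLInputFactory hardenedFactory() {
        XMLInputFactory f = XMLInputFactory.newFactory();
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        f.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        return f;
    }

    // Returns true if parsing exposed the marker file's content to the caller.
    static boolean leaks(XMLInputFactory f, byte[] xml) {
        StringBuilder text = new StringBuilder();
        try {
            XMLStreamReader xsr = f.createXMLStreamReader(new ByteArrayInputStream(xml));
            while (xsr.hasNext()) {
                if (xsr.next() == XMLStreamConstants.CHARACTERS) {
                    text.append(xsr.getText());
                }
            }
        } catch (XMLStreamException e) {
            // Rejecting the document outright is an acceptable result for a hardened parser.
            System.out.println("  parser rejected input: " + e.getMessage());
        }
        return text.indexOf(MARKER) >= 0;
    }

    public static void main(String[] args) throws Exception {
        Path marker = Files.createTempFile("xxe-check", ".txt");
        Files.writeString(marker, MARKER);
        // Constructed document: an external entity that points at the temp file.
        byte[] xml = ("<?xml version=\"1.0\"?>"
            + "<!DOCTYPE service [<!ENTITY ext SYSTEM \"" + marker.toUri() + "\">]>"
            + "<service><role>&ext;</role></service>").getBytes(StandardCharsets.UTF_8);
        System.out.println("default factory leaks:  " + leaks(XMLInputFactory.newFactory(), xml));
        boolean leaked = leaks(hardenedFactory(), xml);
        System.out.println("hardened factory leaks: " + leaked);
        Files.deleteIfExists(marker);
        if (leaked) throw new AssertionError("hardened factory resolved an external entity");
    }
}
```

The result for the default factory depends on which StAX implementation is on the classpath; the check fails only if the hardened factory returns the marker content.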