This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch camel-2.24.x
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/camel-2.24.x by this push:
     new b2e6d10  Disable external entities for schematron component
b2e6d10 is described below

commit b2e6d10a50d3613179cf6c4655ff3b7e2d52a1d9
Author: Colm O hEigeartaigh <cohei...@apache.org>
AuthorDate: Fri Oct 11 10:37:17 2019 +0100

    Disable external entities for schematron component
---
 .../schematron/processor/SchematronProcessorFactory.java       | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git 
a/components/camel-schematron/src/main/java/org/apache/camel/component/schematron/processor/SchematronProcessorFactory.java
 
b/components/camel-schematron/src/main/java/org/apache/camel/component/schematron/processor/SchematronProcessorFactory.java
index 13f146e..1f098da 100644
--- 
a/components/camel-schematron/src/main/java/org/apache/camel/component/schematron/processor/SchematronProcessorFactory.java
+++ 
b/components/camel-schematron/src/main/java/org/apache/camel/component/schematron/processor/SchematronProcessorFactory.java
@@ -69,7 +69,15 @@ public final class SchematronProcessorFactory {
      */
     private static XMLReader getXMLReader() throws 
ParserConfigurationException, SAXException {
         final SAXParserFactory fac = SAXParserFactory.newInstance();
-        fac.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
+        try {
+            fac.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, 
Boolean.TRUE);
+            
fac.setFeature("http://xml.org/sax/features/external-general-entities";, false);
+            
fac.setFeature("http://xml.org/sax/features/external-parameter-entities";, 
false);
+            
fac.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd";,
 false);
+        } catch (ParserConfigurationException | SAXException ex) {
+            // LOG.debug("Error setting feature on parser: " +
+            // ex.getMessage());
+        }
         fac.setValidating(false);
         final SAXParser parser = fac.newSAXParser();
         XMLReader reader = parser.getXMLReader();
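Review bot: The new `catch (ParserConfigurationException | SAXException ex)` around the four `setFeature` calls in `getXMLReader()` has its only statement commented out, so the entity hardening fails open and silently. Because all four calls share one `try`, a parser that rejects an earlier feature skips the remaining ones, and `newSAXParser()` still runs with external entities possibly left enabled. The old code let a `FEATURE_SECURE_PROCESSING` failure propagate, which this change also loses. The method already declares both exception types, so secure processing and the two standard SAX features can fail closed, leaving only the Xerces-specific `load-external-dtd` as best-effort with a warning (a `LOG` field is assumed here; none is visible in the hunk). The method body continues past the end of the hunk.

```java
final SAXParserFactory fac = SAXParserFactory.newInstance();
// Fail closed: getXMLReader() already declares both exception types.
fac.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
fac.setFeature("http://xml.org/sax/features/external-general-entities", false);
fac.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
try {
    // Xerces-specific feature; other JAXP parsers may not recognise it.
    fac.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
} catch (ParserConfigurationException | SAXException ex) {
    LOG.warn("Parser does not support load-external-dtd: {}", ex.getMessage());
}
// … unchanged: setValidating, newSAXParser, getXMLReader …
```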
