diff options
author | Morten Tokle <mortent@yahooinc.com> | 2023-12-18 15:35:09 +0100 |
---|---|---|
committer | Morten Tokle <mortent@yahooinc.com> | 2023-12-19 14:11:05 +0100 |
commit | b6368d66d4169e93c98df5fc6fe4df7cc9986c8b (patch) | |
tree | 29e625fb74ef12d55d1c1fa3af3d31cf1db4d8e9 /config-application-package | |
parent | 8936f5e5a97f810fc82a80d12c8ab91823120d66 (diff) |
Fix more xxe prevention
Diffstat (limited to 'config-application-package')
-rw-r--r-- | config-application-package/src/main/java/com/yahoo/config/model/application/provider/FilesApplicationPackage.java | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/config-application-package/src/main/java/com/yahoo/config/model/application/provider/FilesApplicationPackage.java b/config-application-package/src/main/java/com/yahoo/config/model/application/provider/FilesApplicationPackage.java index 3df11855f75..ab5645eb50d 100644 --- a/config-application-package/src/main/java/com/yahoo/config/model/application/provider/FilesApplicationPackage.java +++ b/config-application-package/src/main/java/com/yahoo/config/model/application/provider/FilesApplicationPackage.java @@ -27,6 +27,7 @@ import com.yahoo.io.IOUtils; import com.yahoo.io.reader.NamedReader; import com.yahoo.path.Path; import com.yahoo.text.Utf8; +import com.yahoo.text.XML; import com.yahoo.vespa.config.ConfigDefinition; import com.yahoo.vespa.config.ConfigDefinitionBuilder; import com.yahoo.vespa.config.ConfigDefinitionKey; @@ -36,6 +37,7 @@ import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; import org.xml.sax.SAXException; + import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; import javax.xml.transform.TransformerFactory; @@ -166,7 +168,7 @@ public class FilesApplicationPackage extends AbstractApplicationPackage { configDefsDir = applicationFile(appDir, CONFIG_DEFINITIONS_DIR); addUserIncludeDirs(); this.metaData = metaData; - transformerFactory = TransformerFactory.newInstance(); + this.transformerFactory = XML.createTransformerFactory(); } @Override |