Changeset 8287 in josm for trunk/src/org/openstreetmap/josm/io/imagery/ImageryReader.java

Timestamp:

2015-04-28T01:11:18+02:00 (9 years ago)

Author:

Don-vip

Message:

fix findsecbugs:XXE_SAXPARSER - "Security - XML Parsing Vulnerable to XXE (SAXParser)"

File:

• trunk/src/org/openstreetmap/josm/io/imagery/ImageryReader.java (modified) (4 diffs)

trunk/src/org/openstreetmap/josm/io/imagery/ImageryReader.java

@@ -11 +11 @@
 
 import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.parsers.SAXParserFactory;
 
 import org.openstreetmap.josm.Main;
@@ -21 +20 @@
 import org.openstreetmap.josm.io.UTFInputStreamReader;
 import org.openstreetmap.josm.tools.LanguageInfo;
+import org.openstreetmap.josm.tools.Utils;
 import org.xml.sax.Attributes;
 import org.xml.sax.InputSource;
@@ -49 +49 @@
         Parser parser = new Parser();
         try {
-            SAXParserFactory factory = SAXParserFactory.newInstance();
-            factory.setNamespaceAware(true);
             try (InputStream in = new CachedFile(source)
                     .setMaxAge(1*CachedFile.DAYS)
@@ -56 +54 @@
                     .getInputStream()) {
                 InputSource is = new InputSource(UTFInputStreamReader.create(in));
-                factory.newSAXParser().parse(is, parser);
+                Utils.newSafeSAXParser().parse(is, parser);
                 return parser.entries;
             }