HDFS-16410. Insecure Xml parsing in OfflineEditsXmlLoader (#3854)
Contributed by Ashutosh Gupta
(cherry picked from commit 43e5218a86)
parent
1e1e4a2f51
commit
3992ba5d8c
|
@ -86,6 +86,10 @@ class OfflineEditsXmlLoader
|
||||||
public void loadEdits() throws IOException {
|
public void loadEdits() throws IOException {
|
||||||
try {
|
try {
|
||||||
XMLReader xr = XMLReaderFactory.createXMLReader();
|
XMLReader xr = XMLReaderFactory.createXMLReader();
|
||||||
|
xr.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||||
|
xr.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
|
||||||
|
xr.setFeature("http://xml.org/sax/features/external-general-entities", false);
|
||||||
|
xr.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
|
||||||
xr.setContentHandler(this);
|
xr.setContentHandler(this);
|
||||||
xr.setErrorHandler(this);
|
xr.setErrorHandler(this);
|
||||||
xr.setDTDHandler(null);
|
xr.setDTDHandler(null);
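Review bot: The two `http://apache.org/xml/features/...` URIs set right after `XMLReaderFactory.createXMLReader()` are Xerces-specific, while the reader that factory returns depends on the configured SAX driver, so on a parser that does not recognise them `setFeature` throws `SAXNotRecognizedException` and `loadEdits` stops before parsing. Failing closed is the right outcome for this hardening, but it should be stated above the calls, e.g. `// XXE hardening (HDFS-16410): reject DOCTYPE and external entities; an unsupported feature must abort the load`. The `try` block's catch clauses are outside the hunk, so confirm that this exception is reported as a parser configuration problem rather than as a malformed edits file. A regression test that feeds an edits XML containing a `<!DOCTYPE` declaration and expects the load to fail would keep these flags from being dropped later; none is visible in this commit.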
|
||||||
|
|