Commit 6e3b3bc

Code Improvement: Disable access to external entities in XML parsing.
* Update from `.newInstance()` to `.newDefaultInstance()` which should add the flags for critical security risks.
1 parent af34a9c commit 6e3b3bc

2 files changed

+2
-2
lines changed


service/src/main/java/uk/nhs/adaptors/gp2gp/common/service/XPathService.java

Lines changed: 1 addition & 1 deletion
@@ -25,7 +25,7 @@
2525
@Component
2626
public class XPathService {
2727
public Document parseDocumentFromXml(String xml) throws SAXException {
28-
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
28+
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newDefaultInstance();
2929
InputSource inputSource;
3030
DocumentBuilder documentBuilder;
3131
try {
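
Review bot: on the changed line in `parseDocumentFromXml`, `DocumentBuilderFactory.newDefaultInstance()` only selects the JDK's built-in factory implementation instead of one found through the provider lookup; it sets no parser feature, so the factory's defaults for DOCTYPE declarations and external entities are not tightened by this call. No such configuration is visible in this hunk. Unless the rest of the method already does it, configure the factory explicitly before the `DocumentBuilder` is created, for example `documentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);`, or, where DOCTYPEs must be accepted, `setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "")` and `setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "")`. A unit test that feeds this method a document declaring an external entity and expects it to be rejected would show whether the change has the effect the commit message describes.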

service/src/main/java/uk/nhs/adaptors/gp2gp/gpc/StructuredRecordMappingService.java

Lines changed: 1 addition & 1 deletion
@@ -174,7 +174,7 @@ public String buildSkeletonEhrExtractXml(String realEhrExtract, String documentI
174174
}
175175

176176
private static String toString(Document document) throws TransformerException {
177-
TransformerFactory tf = TransformerFactory.newInstance();
177+
TransformerFactory tf = TransformerFactory.newDefaultInstance();
178178
Transformer transformer = tf.newTransformer();
179179
StringWriter writer = new StringWriter();
180180
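
Review bot: on the changed line in `toString(Document)`, `TransformerFactory.newDefaultInstance()` pins the JDK's built-in transformer implementation but sets no attributes or features, so this line alone does not restrict external access as the commit title states. Suggest setting the restrictions on `tf` before `tf.newTransformer()` is called: `tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");` and `tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");`, optionally with `tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);`. The factory here is only used to serialize an already-parsed `Document`, so the parser hardening in `XPathService` is the more important of the two, but keeping both factories configured the same way avoids relying on that.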
