Potential fix for code scanning alert no. 5: Resolving XML external entity in user-controlled data

dbarashev · github-advanced-security[bot] · web-flow · commit 4b940ff2272e · 2025-08-06T19:15:41.000+04:00
Co-authored-by: Copilot Autofix powered by AI &lt;62310815+github-advanced-security[bot]@users.noreply.github.com&gt;
diff --git a/ganttproject/src/main/java/biz/ganttproject/storage/Document.kt b/ganttproject/src/main/java/biz/ganttproject/storage/Document.kt
@@ -311,6 +311,8 @@ private val domParser = DocumentBuilderFactory.newInstance().also {
   it.setFeature("http://xml.org/sax/features/external-general-entities", false)
   it.setFeature("http://xml.org/sax/features/external-parameter-entities", false)
   it.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true)
+  it.setAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_DTD, "")
+  it.setAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_SCHEMA, "")
 }
 
 @Throws(SAXException::class)

Original file line number	Diff line number	Diff line change
`@@ -311,6 +311,8 @@ private val domParser = DocumentBuilderFactory.newInstance().also {`
`311`	`311`	`it.setFeature("http://xml.org/sax/features/external-general-entities", false)`
`312`	`312`	`it.setFeature("http://xml.org/sax/features/external-parameter-entities", false)`
`313`	`313`	`it.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true)`
	`314`	`+ it.setAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_DTD, "")`
	`315`	`+ it.setAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_SCHEMA, "")`
`314`	`316`	`}`
`315`	`317`
`316`	`318`	`@Throws(SAXException::class)`