add review changes

ddamke · ddamke · commit fd1e0bdda67c · 2022-11-04T14:43:22.000+01:00
diff --git a/.github/workflows/mavenCi.yml b/.github/workflows/mavenCi.yml
@@ -4,9 +4,13 @@
 name: Java CI with Maven
 
 on:
-  workflow_dispatch:
   push:
+    branches: [ "master", "develop" ]
   pull_request:
+    branches: [ "master", "develop" ]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
 
 jobs:
 
@@ -25,7 +29,7 @@ jobs:
       - name: Analyze
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}  #Added new Repository Secret in GitHub
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
         run: mvn sonar:sonar
           -Dsonar.host.url=${{ secrets.HOST_URL }}
           -Dsonar.organization=${{ secrets.ORGANIZATION_NAME }}
@@ -53,6 +57,5 @@ jobs:
       - name: Upload Build Artifact
         uses: actions/upload-artifact@v3
         with:
-          # Artifact name
           name: KeepTime
-          path: /home/runner/work/KeepTime/KeepTime/target/
+          path: /home/runner/work/KeepTime/KeepTime/target/keeptime-*-bin.zip
diff --git a/src/main/java/de/doubleslash/keeptime/common/SvgNodeProvider.java b/src/main/java/de/doubleslash/keeptime/common/SvgNodeProvider.java
@@ -25,22 +25,12 @@ public static String getSvgPathWithXMl(Resources.RESOURCE resource){
       Document document;
       DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
       try {
+         // fixes sonar issue RSPEC-2755
          dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
       } catch (ParserConfigurationException e) {
          throw new RuntimeException(e);
       }
 
-      /* Fixes Sonar Vulnerability Issue "XML parsers should not be vulnerable to XXE attacks"
-      * XML standard allows the use of entities, declared in the DOCTYPE of the document, which can be internal or external.
-      Problem:
-      When parsing the XML file, the content of the external entities is retrieved from an external storage such as the file system or network,
-      which may lead, if no restrictions are put in place, to arbitrary file disclosures or server-side request forgery (SSRF) vulnerabilities.
-
-       Solution:
-      *It’s recommended to limit resolution of external entities by using one of these solutions:
-            If DOCTYPE is not necessary, completely disable all DOCTYPE declarations.
-      * */
-
       DocumentBuilder db;
 
       try {
