Merge pull request #178 from Avishka-Shamendra/revert-177-master

Revert "Replace Transformer Factory with The Secured Transformer Factory"

Author: RushanNanayakkara

modules/balana-utils/src/main/java/org/wso2/balana/utils/Utils.java

@@ -24,21 +24,17 @@
 import org.apache.xerces.impl.Constants;
 import org.w3c.dom.Document;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerConfigurationException;
 import javax.xml.transform.TransformerException;
 import javax.xml.transform.TransformerFactory;
 import javax.xml.transform.dom.DOMSource;
 import javax.xml.transform.stream.StreamResult;
 import java.io.StringWriter;
 
-import static javax.xml.XMLConstants.ACCESS_EXTERNAL_DTD;
-import static javax.xml.XMLConstants.ACCESS_EXTERNAL_STYLESHEET;
-import static javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING;
-
 /**
  *
  */
@@ -68,7 +64,7 @@ public static String getStringFromDocument(Document doc) throws TransformerExcep
         if(transformerFactoryClassName == null) {
             transformerFactoryClassName = "org.apache.xalan.processor.TransformerFactoryImpl";
         }
-        TransformerFactory transformerFactory = getSecuredTransformerFactory(transformerFactoryClassName);
+        TransformerFactory transformerFactory = TransformerFactory.newInstance(transformerFactoryClassName, null);
         Transformer transformer = transformerFactory.newTransformer();
         transformer.transform(domSource, result);
         return writer.toString().substring(writer.toString().indexOf('>') + 1);
@@ -105,7 +101,7 @@ public static DocumentBuilderFactory getSecuredDocumentBuilderFactory() {
             dbf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
             dbf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
             dbf.setFeature(Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE, false);
-            dbf.setFeature(FEATURE_SECURE_PROCESSING, true);
+            dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
         } catch (ParserConfigurationException e) {
             logger.error(
                     "Failed to load XML Processor Feature " + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE + " or " +
@@ -118,29 +114,8 @@ public static DocumentBuilderFactory getSecuredDocumentBuilderFactory() {
 
         return dbf;
     }
-
-    /**
-     * Create TransformerFactory with the XXE prevention measurements
-     * https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#transformerfactory
-     *
-     * @param transformerFactoryClassName String
-     * @return TransformerFactory
-     */
-    public static TransformerFactory getSecuredTransformerFactory(String transformerFactoryClassName) {
-        TransformerFactory trfactory = TransformerFactory.
-                newInstance(transformerFactoryClassName, null);
-
-        try {
-            trfactory.setFeature(FEATURE_SECURE_PROCESSING, true);
-        } catch (TransformerConfigurationException e) {
-            logger.error("Failed to load XML Processor " +
-                    "Feature http://javax.xml.XMLConstants/feature/secure-processing for secure-processing.");
-        }
-        trfactory.setAttribute(ACCESS_EXTERNAL_DTD, "");
-        trfactory.setAttribute(ACCESS_EXTERNAL_STYLESHEET, "");
-        return trfactory;
-    }
-
+    
+    
 //    public static Element createElement(String xmlInput) {
 //
 //        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();