Security 2625 fixed

aasat · aasat · commit 9ce24fb63fcd · 2022-12-05T13:27:42.000+05:30
diff --git a/src/main/java/com/compuware/jenkins/totaltest/TotalTestCTRunner.java b/src/main/java/com/compuware/jenkins/totaltest/TotalTestCTRunner.java
@@ -323,6 +323,12 @@ else if (extension.compareTo(FILE_EXT_XAUNIT) == 0 ||
 	private Document getXaScenarioSuiteResultAsDocument(String xml) throws Exception //NOSONAR
 	{
 		DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+		dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+		dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
+		dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+		dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
+		dbf.setXIncludeAware(false);
+		dbf.setExpandEntityReferences(false);
 		DocumentBuilder db = dbf.newDocumentBuilder();
 		Reader r = new StringReader(xml);
 		return db.parse(new InputSource(r));
