Update SimpleGEXFEventDrivenImporter.java (#1144)

DelfinSR · web-flow · commit b6f0e30c2a8c · 2023-03-13T19:51:51.000+09:00
Avoid XEE attacks
diff --git a/jgrapht-io/src/main/java/org/jgrapht/nio/gexf/SimpleGEXFEventDrivenImporter.java b/jgrapht-io/src/main/java/org/jgrapht/nio/gexf/SimpleGEXFEventDrivenImporter.java
@@ -162,6 +162,9 @@ private Schema createSchema()
 
         SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
 
+        // disable DOCTYPE declaration
+        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+
         return factory.newSchema(sources);
     }
 

Original file line number	Diff line number	Diff line change
`@@ -162,6 +162,9 @@ private Schema createSchema()`
`162`	`162`
`163`	`163`	`SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);`
`164`	`164`
	`165`	`+ // disable DOCTYPE declaration`
	`166`	`+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);`
	`167`	`+`
`165`	`168`	`return factory.newSchema(sources);`
`166`	`169`	`}`
`167`	`170`