Skip to content

Commit

Permalink
Fixed SECURITY-2411
Browse files Browse the repository at this point in the history
  • Loading branch information
@judovana
judovana committed Aug 30, 2021
1 parent 1c9cd99 commit 7978729
Showing 1 changed file with 8 additions and 4 deletions.
12 changes: 8 additions & 4 deletions src/main/java/hudson/plugins/nested_view/NestedView.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,8 @@
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.InputStream;

import javax.xml.XMLConstants;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
Expand Down Expand Up @@ -505,10 +507,12 @@ public void updateByXml(Source source) throws IOException {
// this allows us to use UTF-8 for storing data,
// plus it checks any well-formedness issue in the submitted
// data
Transformer t = TransformerFactory.newInstance()
.newTransformer();
t.transform(source,
new StreamResult(out));
TransformerFactory factory = TransformerFactory.newInstance();
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
Transformer t = factory.newTransformer();
t.transform(source, new StreamResult(out));
out.close();
} catch (TransformerException e) {
throw new IOException2("Failed to persist configuration.xml", e);
Expand Down

0 comments on commit 7978729

Please # to comment.