'Improper Restriction of XML EER for TransformerFactory
Getting Veracode vulnerability "Improper Restriction of XML External Entity Reference" for "TransformerFactory", There are several solution for this and the most relevant I found is: solution. But after trying these solution none of them worked. Below is the code:
import net.sf.saxon.TransformerFactoryImpl;
.....
TransformerFactory genericFactory = TransformerFactoryImpl.newInstance();
genericFactory.setFeature("http://javax.xml.XMLConstants/property/accessExternalDTD", false);
genericFactory.setFeature(Constants.FEATURE_SECURE_PROCESSING,true);
The error is:
javax.xml.transform.TransformerConfigurationException: Unsupported TransformerFactory feature: http://javax.xml.XMLConstants/property/accessExternalDTD
Currently I am running the application on Java 8 and the relevant jars are: saxon9.jar, xalan-2.7.2.jar
I tried several combination for these like:
//1
TransformerFactory genericFactory = javax.xml.transform.TransformerFactory.newInstance();
genericFactory.setFeature("http://javax.xml.XMLConstants/property/accessExternalDTD", false);
//2
TransformerFactory genericFactory = com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl.newInstance();
genericFactory.setFeature("http://javax.xml.XMLConstants/property/accessExternalDTD", false);
But getting the same error. How to solve this error?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|