This is an automated email from the ASF dual-hosted git repository.
slachiewicz pushed a commit to branch refactor-test
in repository https://gitbox.apache.org/repos/asf/maven-help-plugin.git
commit 65427425663a540b7b4290b310003364b77dfadd
Author: Sylwester Lachiewicz <slachiew...@apache.org>
AuthorDate: Mon Jan 11 23:14:07 2021 +0100
Sonar: Disable access to external entities in XML parsing
---
.../java/org/apache/maven/plugins/help/AbstractEffectiveMojo.java | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git
a/src/main/java/org/apache/maven/plugins/help/AbstractEffectiveMojo.java
b/src/main/java/org/apache/maven/plugins/help/AbstractEffectiveMojo.java
index f1232ac..96ed683 100644
--- a/src/main/java/org/apache/maven/plugins/help/AbstractEffectiveMojo.java
+++ b/src/main/java/org/apache/maven/plugins/help/AbstractEffectiveMojo.java
@@ -40,6 +40,8 @@ import org.jdom2.input.SAXBuilder;
import org.jdom2.output.Format;
import org.jdom2.output.XMLOutputter;
+import javax.xml.XMLConstants;
+
/**
* Base class with common utilities to write effective Pom/settings.
*
@@ -111,7 +113,8 @@ public abstract class AbstractEffectiveMojo
protected static String prettyFormat( String effectiveModel, String
encoding, boolean omitDeclaration )
{
SAXBuilder builder = new SAXBuilder();
-
+ builder.setProperty( XMLConstants.ACCESS_EXTERNAL_DTD, "" );
+ builder.setProperty( XMLConstants.ACCESS_EXTERNAL_SCHEMA, "" );
try
{
Document effectiveDocument = builder.build( new StringReader(
effectiveModel ) );
