Changeset 10404 in josm for trunk/src/org/openstreetmap/josm/io/OsmServerUserInfoReader.java

Timestamp:

2016-06-16T19:10:53+02:00 (8 years ago)

Author:

Don-vip

Message:

findbugs security - XML Parsing Vulnerable to XXE - enable FEATURE_SECURE_PROCESSING for DOM builders

File:

• trunk/src/org/openstreetmap/josm/io/OsmServerUserInfoReader.java (modified) (3 diffs)

trunk/src/org/openstreetmap/josm/io/OsmServerUserInfoReader.java

@@ -9 +9 @@
 import java.util.List;
 
-import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.xpath.XPath;
@@ -20 +19 @@
 import org.openstreetmap.josm.data.osm.UserInfo;
 import org.openstreetmap.josm.gui.progress.ProgressMonitor;
+import org.openstreetmap.josm.tools.Utils;
 import org.openstreetmap.josm.tools.XmlParsingException;
 import org.openstreetmap.josm.tools.date.DateUtils;
@@ -175 +175 @@
             monitor.indeterminateSubTask(tr("Reading user info ..."));
             try (InputStream in = getInputStream("user/details", monitor.createSubTaskMonitor(1, true), reason)) {
-                return buildFromXML(
-                        DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(in)
-                );
+                return buildFromXML(Utils.parseSafeDOM(in));
             }
         } catch (OsmTransferException e) {