Changeset 10404 in josm for trunk/src/org/openstreetmap/josm/tools/bugreport/BugReportSender.java

Timestamp:

2016-06-16T19:10:53+02:00 (8 years ago)

Author:

Don-vip

Message:

findbugs security - XML Parsing Vulnerable to XXE - enable FEATURE_SECURE_PROCESSING for DOM builders

File:

• trunk/src/org/openstreetmap/josm/tools/bugreport/BugReportSender.java (modified) (2 diffs)

trunk/src/org/openstreetmap/josm/tools/bugreport/BugReportSender.java

@@ -18 +18 @@
 import javax.swing.JPanel;
 import javax.swing.SwingUtilities;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.xpath.XPath;
@@ -100 +98 @@
 
             try (InputStream in = connection.getContent()) {
-                DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
-                Document document = builder.parse(in);
-                return retrieveDebugToken(document);
+                return retrieveDebugToken(Utils.parseSafeDOM(in));
             }
         } catch (IOException | SAXException | ParserConfigurationException | XPathExpressionException t) {