Parse Baseline in a secure way (#4499)
BraisGabin committed Jan 18, 2022
1 parent 08eac68 commit c965a8d
Showing 1 changed file with 6 additions and 1 deletion.
Expand Up @@ -3,6 +3,7 @@ package io.gitlab.arturbosch.detekt.core.baseline
import org.xml.sax.SAXParseException
import java.nio.file.Files
import java.nio.file.Path
import javax.xml.XMLConstants
import javax.xml.parsers.SAXParserFactory
import javax.xml.stream.XMLStreamException
import javax.xml.stream.XMLStreamWriter
Expand All @@ -17,7 +18,11 @@ internal class BaselineFormat {
fun read(path: Path): Baseline {
try {
Files.newInputStream(path).use {
val reader = SAXParserFactory.newInstance().newSAXParser()
val reader = SAXParserFactory.newInstance()
.apply {
setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true)
}
.newSAXParser()
val handler = BaselineHandler()
reader.parse(it, handler)
return handler.createBaseline()
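Review bot: `FEATURE_SECURE_PROCESSING` alone leaves the XXE hardening in `read` dependent on which JAXP implementation `SAXParserFactory.newInstance()` resolves to. As far as I know the JDK's built-in parser restricts external DTD and schema access when the feature is set through the API, but a Xerces build found on the classpath may treat it mainly as a set of resource limits. If baseline files never carry a DOCTYPE (not visible from this hunk), also reject it inside the same `apply` block with `setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)`. A test that passes `read` a baseline containing a DOCTYPE and expects a failure would pin this down. The `try` opened in `read` closes outside the hunk, so I cannot tell whether the exceptions `setFeature` can throw are handled there.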
