Merge pull request #806 from ready-research/ready-research-XXE

Prevent XXE attacks
mybatis · Jan 18, 2022 · 7abca13 · 7abca13
2 parents f2ca1ca + a0468b8
commit 7abca13
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/...tis.generator.eclipse.ui/src/org/mybatis/generator/eclipse/ui/content/ConfigVerifyer.java b/...tis.generator.eclipse.ui/src/org/mybatis/generator/eclipse/ui/content/ConfigVerifyer.java
@@ -97,6 +97,8 @@ public boolean isConfigurationFile() {
     boolean isConfigFile(InputStream inputStream) {
         try {
             SAXParserFactory factory = SAXParserFactory.newInstance();
+            factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+            factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
             factory.setValidating(false);
             SAXParser parser = factory.newSAXParser();