From 1d371f0e81913a15938c2beefa47ff3053ce89d5 Mon Sep 17 00:00:00 2001
From: ready-research <72916209+ready-research@users.noreply.github.com>
Date: Tue, 18 Jan 2022 16:50:21 +0530
Subject: [PATCH 1/2] Prevent XXE attacks

---
 .../mybatis/generator/eclipse/ui/content/ConfigVerifyer.java | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/eclipse/org.mybatis.generator.eclipse.ui/src/org/mybatis/generator/eclipse/ui/content/ConfigVerifyer.java b/eclipse/org.mybatis.generator.eclipse.ui/src/org/mybatis/generator/eclipse/ui/content/ConfigVerifyer.java
index d3c1c347d3..98edc83d1a 100644
--- a/eclipse/org.mybatis.generator.eclipse.ui/src/org/mybatis/generator/eclipse/ui/content/ConfigVerifyer.java
+++ b/eclipse/org.mybatis.generator.eclipse.ui/src/org/mybatis/generator/eclipse/ui/content/ConfigVerifyer.java
@@ -97,6 +97,9 @@ public boolean isConfigurationFile() {
 private boolean isConfigFile(InputStream inputStream) {
 try {
 SAXParserFactory factory = SAXParserFactory.newInstance();
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
 factory.setValidating(false);

 SAXParser parser = factory.newSAXParser();
From a0468b86ab78902045d1afe5d5e61f467e346737 Mon Sep 17 00:00:00 2001
From: ready-research <72916209+ready-research@users.noreply.github.com>
Date: Tue, 18 Jan 2022 23:12:53 +0530
Subject: [PATCH 2/2] Update ConfigVerifyer.java

---
 .../org/mybatis/generator/eclipse/ui/content/ConfigVerifyer.java | 1 -
 1 file changed, 1 deletion(-)

diff --git a/eclipse/org.mybatis.generator.eclipse.ui/src/org/mybatis/generator/eclipse/ui/content/ConfigVerifyer.java b/eclipse/org.mybatis.generator.eclipse.ui/src/org/mybatis/generator/eclipse/ui/content/ConfigVerifyer.java
index 98edc83d1a..cb914eac2e 100644
--- a/eclipse/org.mybatis.generator.eclipse.ui/src/org/mybatis/generator/eclipse/ui/content/ConfigVerifyer.java
+++ b/eclipse/org.mybatis.generator.eclipse.ui/src/org/mybatis/generator/eclipse/ui/content/ConfigVerifyer.java
@@ -97,7 +97,6 @@ public boolean isConfigurationFile() {
 private boolean isConfigFile(InputStream inputStream) {
 try {
 SAXParserFactory factory = SAXParserFactory.newInstance();
- factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
 factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
 factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
 factory.setValidating(false);
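Review bot: With the `disallow-doctype-decl` line removed, a DOCTYPE in the checked file is processed again, and the two features that remain only switch off external general and parameter entities. On a Xerces-based parser a non-validating parse may still fetch the external DTD subset named in the DOCTYPE, and these settings do not limit internal entity expansion; whether the handler used later resolves entities itself cannot be seen here, because `isConfigFile` continues outside the hunk. I would add `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` and `factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);` beside the two kept lines (this needs the `javax.xml.XMLConstants` import), after confirming the config check still recognises files without loading the DTD. A short comment such as `// DOCTYPE stays allowed; external DTD and entity loading are disabled instead` would record why the stricter feature was dropped. It is also worth checking what the surrounding `catch` does when a parser rejects one of these `setFeature` calls, so an unsupported feature does not silently report every file as not a configuration file.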