Skip to content

Commit 188e314

Browse files
pixee-standardchartered[bot]pixee-standardchartered[bot]
authored
(Sonar) Fixed finding: "String literals should not be duplicated"
1 parent 3cc8295 commit 188e314

File tree

1 file changed

+12
-8
lines changed

1 file changed

+12
-8
lines changed

src/main/java/com/acme/xxe/XXEVulnFixed.java

Lines changed: 12 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -46,8 +46,8 @@ public static String docToString(final Document poDocument) throws TransformerEx
4646
public static void saxTransformer(String xml)
4747
throws ParserConfigurationException, SAXException, IOException {
4848
SAXParserFactory spf = SAXParserFactory.newInstance();
49-
spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
50-
spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
49+
spf.setFeature(HTTP_XML_ORG_SAX_FEATURES_EXTERNAL_GENERAL_ENTITIES, false);
50+
spf.setFeature(HTTP_XML_ORG_SAX_FEATURES_EXTERNAL_PARAMETER_ENTITIES, false);
5151
spf.setValidating(true);
5252

5353
SAXParser saxParser = spf.newSAXParser();
@@ -58,17 +58,17 @@ public static void saxTransformer(String xml)
5858
public static Document withDom(String xml)
5959
throws ParserConfigurationException, IOException, SAXException {
6060
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
61-
dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
62-
dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
61+
dbf.setFeature(HTTP_XML_ORG_SAX_FEATURES_EXTERNAL_GENERAL_ENTITIES, false);
62+
dbf.setFeature(HTTP_XML_ORG_SAX_FEATURES_EXTERNAL_PARAMETER_ENTITIES, false);
6363
DocumentBuilder db = dbf.newDocumentBuilder();
6464
return db.parse(new InputSource(new StringReader(xml)));
6565
}
6666

6767
public static Document withDomButDisabled(String xml)
6868
throws ParserConfigurationException, IOException, SAXException {
6969
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
70-
dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
71-
dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
70+
dbf.setFeature(HTTP_XML_ORG_SAX_FEATURES_EXTERNAL_GENERAL_ENTITIES, false);
71+
dbf.setFeature(HTTP_XML_ORG_SAX_FEATURES_EXTERNAL_PARAMETER_ENTITIES, false);
7272
dbf.setExpandEntityReferences(true);
7373
DocumentBuilder db = dbf.newDocumentBuilder();
7474
return db.parse(new InputSource(new StringReader(xml)));
@@ -77,8 +77,12 @@ public static Document withDomButDisabled(String xml)
7777
public static void withReaderFactory(String xml)
7878
throws IOException, SAXException {
7979
XMLReader reader = XMLReaderFactory.createXMLReader();
80-
reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
81-
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
80+
reader.setFeature(HTTP_XML_ORG_SAX_FEATURES_EXTERNAL_GENERAL_ENTITIES, false);
81+
reader.setFeature(HTTP_XML_ORG_SAX_FEATURES_EXTERNAL_PARAMETER_ENTITIES, false);
8282
reader.parse(new InputSource(new StringReader(xml)));
8383
}
84+
85+
private static final String HTTP_XML_ORG_SAX_FEATURES_EXTERNAL_GENERAL_ENTITIES = "http://xml.org/sax/features/external-general-entities";
86+
87+
private static final String HTTP_XML_ORG_SAX_FEATURES_EXTERNAL_PARAMETER_ENTITIES = "http://xml.org/sax/features/external-parameter-entities";
8488
}

0 commit comments

Comments
 (0)