Fix code scanning alert no. 41: Resolving XML external entity in user…

…-controlled data Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
kermitt2 · Nov 30, 2024 · e99d8d4 · e99d8d4
1 parent 37dcec1
commit e99d8d4
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/grobid-core/src/main/java/org/grobid/core/document/OPSService.java b/grobid-core/src/main/java/org/grobid/core/document/OPSService.java
@@ -118,8 +118,11 @@ public String descriptionRetrieval(String patentNumber) throws IOException,
 			spf.setFeature("http://xml.org/sax/features/validation", false);
 			spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
 			spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+			spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
 			//get a new instance of parser
 			XMLReader reader = spf.newSAXParser().getXMLReader();
+			reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
+			reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
 			reader.setEntityResolver(new EntityResolver() {
 				public InputSource resolveEntity(String publicId, String systemId) {
 					return new InputSource(