fix: handle unsupported external DTD and schema properties

terrestris · Oct 11, 2024 · 0450f3c · 0450f3c
1 parent 382bad9
commit 0450f3c
Showing 1 changed file with 12 additions and 6 deletions.
diff --git a/shogun-gs-interceptor/src/main/java/de/terrestris/shogun/interceptor/util/OgcXmlUtil.java b/shogun-gs-interceptor/src/main/java/de/terrestris/shogun/interceptor/util/OgcXmlUtil.java
@@ -85,15 +85,21 @@ public static Document getDocumentFromString(String xml) throws IOException {
             InputSource source = new InputSource(new StringReader(xml));
             DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
 
-            // limit resolution of external entities, see https://rules.sonarsource.com/c/type/Vulnerability/RSPEC-2755
-            factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
-            factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
+            try {
+                // limit resolution of external entities, see https://rules.sonarsource.com/c/type/Vulnerability/RSPEC-2755
+                factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+                factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
+            } catch (IllegalArgumentException e) {
+                log.error("External DTD/Schema access properties not supported:"
+                    + e.getMessage());
+            }
 
             DocumentBuilder builder = factory.newDocumentBuilder();
             document = builder.parse(source);
-        } catch (ParserConfigurationException | SAXException | IOException e) {
-            throw new IOException("Could not parse input body " +
-                "as XML: " + e.getMessage());
+        } catch (IllegalArgumentException | ParserConfigurationException
+            | SAXException | IOException e) {
+            throw new IOException("Could not parse input body as XML: "
+                + e.getMessage());
         }
         return document;
     }