From 986018890c8cffd4bfe80b2b3dd15c6528f2b000 Mon Sep 17 00:00:00 2001 From: "adel.ka" Date: Fri, 21 Nov 2025 18:10:43 +0300 Subject: [PATCH 1/3] Update versions for hotfix --- backend/pom.xml | 2 +- config-data-executor/pom.xml | 2 +- frontend/pom.xml | 2 +- pom.xml | 2 +- resources/pom.xml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/backend/pom.xml b/backend/pom.xml index 7fc7719..bef3c56 100644 --- a/backend/pom.xml +++ b/backend/pom.xml @@ -5,7 +5,7 @@ ru.micord.ervu eks - 1.1.4 + 1.1.5-SNAPSHOT ru.micord.ervu.eks backend diff --git a/config-data-executor/pom.xml b/config-data-executor/pom.xml index a82a7e7..aae9d83 100644 --- a/config-data-executor/pom.xml +++ b/config-data-executor/pom.xml @@ -6,7 +6,7 @@ ru.micord.ervu eks - 1.1.4 + 1.1.5-SNAPSHOT ru.micord.ervu.eks config-data-executor diff --git a/frontend/pom.xml b/frontend/pom.xml index 456c755..1a83a07 100644 --- a/frontend/pom.xml +++ b/frontend/pom.xml @@ -4,7 +4,7 @@ ru.micord.ervu eks - 1.1.4 + 1.1.5-SNAPSHOT ru.micord.ervu.eks diff --git a/pom.xml b/pom.xml index bde114a..43573e4 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ 4.0.0 ru.micord.ervu eks - 1.1.4 + 1.1.5-SNAPSHOT pom backend diff --git a/resources/pom.xml b/resources/pom.xml index 9a054e2..9cc037c 100644 --- a/resources/pom.xml +++ b/resources/pom.xml @@ -4,7 +4,7 @@ ru.micord.ervu eks - 1.1.4 + 1.1.5-SNAPSHOT ru.micord.ervu.eks From 682d3b1bcc3cb8eb61d36eb6fa314b18987a8eb8 Mon Sep 17 00:00:00 2001 From: "adel.ka" Date: Fri, 21 Nov 2025 18:14:04 +0300 Subject: [PATCH 2/3] DocumentBuilderFactory DTD fix --- .../org/micord/service/RequestService.java | 20 +++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/config-data-executor/src/main/java/org/micord/service/RequestService.java b/config-data-executor/src/main/java/org/micord/service/RequestService.java index ea810f9..73a73d0 100644 --- a/config-data-executor/src/main/java/org/micord/service/RequestService.java 
+++ b/config-data-executor/src/main/java/org/micord/service/RequestService.java @@ -23,6 +23,7 @@ import java.util.stream.IntStream; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; +import jakarta.annotation.PostConstruct; import org.micord.config.ArangoDBConnection; import org.micord.config.DatabaseConnection; import org.micord.config.S3HttpConnection; @@ -56,12 +57,18 @@ public class RequestService { private static final Logger logger = LoggerFactory.getLogger(RequestService.class); + private DocumentBuilderFactory secureDocumentFactory; @Autowired private HttpClient httpClient; @Autowired private ValidationService validationService; + @PostConstruct + public void init() { + secureDocumentFactory = createSecureDocumentBuilderFactory(); + } + private void processS3Request(S3Request request, RequestParameters parameters, Map validationResults) { logger.info("B. Starting processing of single S3 request"); try { @@ -219,8 +226,7 @@ public class RequestService { private void handleErrorResponse(HttpResponse response, String file) { try { - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - DocumentBuilder builder = factory.newDocumentBuilder(); + DocumentBuilder builder = secureDocumentFactory.newDocumentBuilder(); InputSource is = new InputSource(new StringReader(response.body())); Document doc = builder.parse(is); Element root = doc.getDocumentElement(); @@ -703,4 +709,14 @@ public class RequestService { } } + private DocumentBuilderFactory createSecureDocumentBuilderFactory() { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + try { + factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + } + catch (Exception e) { + throw new RuntimeException("Failed to secure XML parser", e); + } + return factory; + } } From 6302e630ab4a008d1b6ceddf60fdb73772587cf9 Mon Sep 17 00:00:00 2001 
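Review bot: `secureDocumentFactory` is a non-final field that is only populated by the `@PostConstruct` method `init()`, so an instance created outside the container (for example a unit test calling `new RequestService()`) reaches `secureDocumentFactory.newDocumentBuilder()` in `handleErrorResponse` with a null factory. Initialising it at the declaration, `private final DocumentBuilderFactory secureDocumentFactory = createSecureDocumentBuilderFactory();`, removes the lifecycle dependency and makes the new `jakarta.annotation.PostConstruct` import unnecessary. JAXP also does not guarantee that a `DocumentBuilderFactory` is thread-safe. If this class is a shared singleton serving concurrent requests (the `@Autowired` fields suggest a Spring bean, but the class annotations are outside the hunk), calling `createSecureDocumentBuilderFactory()` per parse in `handleErrorResponse` would be the safer variant.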
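Review bot: The `catch (Exception e)` in `createSecureDocumentBuilderFactory()` is wider than the call needs, because `setFeature` declares only `ParserConfigurationException`; `catch (ParserConfigurationException e)` keeps the fail-closed rethrow without also wrapping unrelated runtime errors. Rejecting DOCTYPE declarations is the strongest single setting against external-entity and entity-expansion input, and aborting initialisation when the parser does not support it is the right behaviour. As defence in depth the factory could also set `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` and `factory.setXIncludeAware(false);`, which needs `javax.xml.XMLConstants` imported. A one-line comment on the method stating that DOCTYPE is rejected on purpose would help whoever later meets the resulting parse error in `handleErrorResponse`, whose catch block is outside these hunks.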
From: "adel.ka" Date: Fri, 21 Nov 2025 18:15:39 +0300 Subject: [PATCH 3/3] Update for next development version --- backend/pom.xml | 2 +- config-data-executor/pom.xml | 2 +- frontend/pom.xml | 2 +- pom.xml | 2 +- resources/pom.xml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/backend/pom.xml b/backend/pom.xml index bef3c56..f3efba0 100644 --- a/backend/pom.xml +++ b/backend/pom.xml @@ -5,7 +5,7 @@ ru.micord.ervu eks - 1.1.5-SNAPSHOT + 1.1.5 ru.micord.ervu.eks backend diff --git a/config-data-executor/pom.xml b/config-data-executor/pom.xml index aae9d83..7a0c8bd 100644 --- a/config-data-executor/pom.xml +++ b/config-data-executor/pom.xml @@ -6,7 +6,7 @@ ru.micord.ervu eks - 1.1.5-SNAPSHOT + 1.1.5 ru.micord.ervu.eks config-data-executor diff --git a/frontend/pom.xml b/frontend/pom.xml index 1a83a07..961fece 100644 --- a/frontend/pom.xml +++ b/frontend/pom.xml @@ -4,7 +4,7 @@ ru.micord.ervu eks - 1.1.5-SNAPSHOT + 1.1.5 ru.micord.ervu.eks diff --git a/pom.xml b/pom.xml index 43573e4..b2c8af9 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ 4.0.0 ru.micord.ervu eks - 1.1.5-SNAPSHOT + 1.1.5 pom backend diff --git a/resources/pom.xml b/resources/pom.xml index 9cc037c..63f2172 100644 --- a/resources/pom.xml +++ b/resources/pom.xml @@ -4,7 +4,7 @@ ru.micord.ervu eks - 1.1.5-SNAPSHOT + 1.1.5 ru.micord.ervu.eks