[ https://issues.apache.org/jira/browse/CALCITE-5274?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ruben Q L updated CALCITE-5274: ------------------------------- Summary: Improve DocumentBuilderFactory in DiffRepository test class by using secure features (was: prevent XXE possibilities in DiffRepository (calcite testkit)) > Improve DocumentBuilderFactory in DiffRepository test class by using secure > features > ------------------------------------------------------------------------------------ > > Key: CALCITE-5274 > URL: https://issues.apache.org/jira/browse/CALCITE-5274 > Project: Calcite > Issue Type: Improvement > Components: extensions > Reporter: PJ Fanning > Assignee: Ruben Q L > Priority: Minor > Fix For: 1.32.0 > > > [https://github.com/apache/calcite/pull/2892#discussion_r964468020] > DocumentBuilderFactory use in DiffRepository needs changes like those in > [https://github.com/apache/calcite/pull/2892|https://github.com/apache/calcite/pull/2892#discussion_r964468020] > There is also an issue with `this.doc = > docBuilder.parse(refFile.openStream());` - the `refFile.openStream()` gives > an InputStream that should be closed - try with resources pattern would make > sense. > -- This message was sent by Atlassian Jira (v8.20.10#820010)