Merge pull request #301 from Azure/haozhan/fix-codeql

haoozhang · web-flow · commit 3d559fcf9701 · 2025-04-15T15:02:35.000+08:00
update by following copilot
diff --git a/rules/rules-reviewed/eap7/eap6/tests/data/data-resteasy/JAXBElementProvider.java b/rules/rules-reviewed/eap7/eap6/tests/data/data-resteasy/JAXBElementProvider.java
@@ -88,12 +88,8 @@ public JAXBElement<?> readFrom(Class<JAXBElement<?>> type,
             unmarshaller = decorateUnmarshaller(type, annotations, mediaType, unmarshaller);
 
             // Disable external entity resolution to prevent XXE attacks
-            try {
-                unmarshaller.setProperty(javax.xml.XMLConstants.ACCESS_EXTERNAL_DTD, "");
-                unmarshaller.setProperty(javax.xml.XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
-            } catch (IllegalArgumentException ex) {
-                throw new JAXBUnmarshalException("Failed to disable external entity resolution", ex);
-            }
+            unmarshaller.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
+            unmarshaller.setProperty(XMLInputFactory.SUPPORT_DTD, false);
 
             if (needsSecurity())
             {
