I keep getting this error every time, even though I changed my code to the following, which I found on the web:
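
    import java.io.InputStream;
    import javax.xml.XMLConstants;
    import javax.xml.parsers.DocumentBuilder;
    import javax.xml.parsers.DocumentBuilderFactory;
    import org.w3c.dom.Document;

    private Document convertInputToDocument(InputStream xml) {
        try {
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            // Turn on the JAXP secure-processing limits.
            factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            // Do not load external general or parameter entities (XXE).
            factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
            factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
            factory.setIgnoringElementContentWhitespace(true);
            DocumentBuilder builder = factory.newDocumentBuilder();
            return builder.parse(xml);
        } catch (Exception e) {
            // Any configuration or parse failure is printed and reported as null.
            e.printStackTrace();
            return null;
        }
    }
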
The reason behind this is/was that the Fortify scan doesn't compile the packages that are used and therefore can't see that we provide enough security!
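
A runtime check that does not depend on what the scanner can see, as an added example that is not part of the original post: it parses a constructed document whose external entity points at a temporary canary file and confirms the canary text never reaches the DOM. The class name `XxeRegressionCheck`, its method names and the canary string are hypothetical; the factory uses the same three features as the method above.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

public class XxeRegressionCheck {           // hypothetical name, not from the post
    // Same three features as convertInputToDocument in the post.
    static DocumentBuilderFactory hardenedFactory() throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        return factory;
    }

    // True when the canary file's content does not end up in the parsed document.
    static boolean blocksExternalEntity(DocumentBuilderFactory factory) throws Exception {
        Path canary = Files.createTempFile("xxe-canary", ".txt");
        try {
            Files.write(canary, "CANARY-1234".getBytes(StandardCharsets.UTF_8));
            // Constructed test input: one external general entity naming the canary file.
            String xml = "<?xml version=\"1.0\"?>"
                    + "<!DOCTYPE r [<!ENTITY x SYSTEM \"" + canary.toUri() + "\">]>"
                    + "<r>&x;</r>";
            Document doc = factory.newDocumentBuilder()
                    .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            String text = doc.getDocumentElement().getTextContent();
            return text == null || !text.contains("CANARY-1234");
        } catch (SAXException rejected) {
            return true; // the parser refused the document outright
        } finally {
            Files.deleteIfExists(canary);
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("hardened factory blocks external entity: "
                + blocksExternalEntity(hardenedFactory()));
        // The result for an unconfigured factory depends on the JDK's defaults.
        System.out.println("default factory blocks external entity:  "
                + blocksExternalEntity(DocumentBuilderFactory.newInstance()));
    }
}
```

Running this as a unit test gives evidence of the parser's behaviour that can be attached when a static-analysis finding on this method is reviewed.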