S2755 False positive in SonarLint

(Jozef Burgel) #1

We have updated our quality profile with new rules that are now detected by SonarLint as well. However, SonarLint will still mark the code in IntelliJ IDEA as incorrect even when the appropriate steps are carried out. Can someone take a look at whether this is only an issue with the SonarLint plugin, or whether the rule itself should be improved somehow?

  • Versions used are 6.7.6 with the latest Sonar Java plugin.

```java
import javax.xml.XMLConstants;
import javax.xml.transform.Source;
import javax.xml.validation.Schema;
import javax.xml.validation.Validator;
import org.xml.sax.SAXException;
import java.io.IOException;

public final class XmlValidator {

	private final Schema schema;

	public XmlValidator(Schema schema) {
		this.schema = schema;
	}

	public void validate(Source source) throws IOException, SAXException {
		Validator validator = schema.newValidator();
		// An empty string permits no protocol for external DTDs or external schemas.
		validator.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
		validator.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
	}

}
```
S2755 fails for DocumentBuilderFactory XXE should be disabled
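
A runtime check of the configuration in the post above, as an added example that is not part of the original post or of SonarSource's code: it builds a `Validator` with both properties set to an empty string and confirms that a document declaring an external entity is rejected while a plain document still validates. The class name, schema, XML strings and placeholder path are constructed for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;
import org.xml.sax.SAXException;

// Hypothetical class name; not from the original post.
public final class HardenedValidatorCheck {

    // Constructed schema: one <note> element containing a string.
    static final String XSD =
        "<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'>"
        + "<xs:element name='note' type='xs:string'/></xs:schema>";

    // Constructed input: references an external entity at a placeholder path.
    static final String XML =
        "<!DOCTYPE note [<!ENTITY ext SYSTEM 'file:///placeholder.txt'>]>"
        + "<note>&ext;</note>";

    /** Returns the parser's rejection message, or null if the document was accepted. */
    static String validateHardened(String xml) throws SAXException, IOException {
        SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        Schema schema = factory.newSchema(new StreamSource(new StringReader(XSD)));
        Validator validator = schema.newValidator();
        // Same two properties as the post: an empty string allows no protocol at all.
        validator.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        validator.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        try {
            validator.validate(new StreamSource(new StringReader(xml)));
            return null;
        } catch (SAXException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        String rejection = validateHardened(XML);
        if (rejection == null) {
            throw new AssertionError("external entity was not blocked");
        }
        System.out.println("Rejected: " + rejection);
        // A document without a DOCTYPE still validates normally.
        if (validateHardened("<note>hello</note>") != null) {
            throw new AssertionError("benign document was rejected");
        }
    }
}
```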