From 044f158bbc87d51dc3f215762e5dda46c681daf9 Mon Sep 17 00:00:00 2001
From: Luca Foppiano
Date: Sun, 22 Sep 2024 05:35:55 +0000
Subject: [PATCH] Fix code scanning alert #41: Resolving XML external entity in user-controlled data
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
.../src/main/java/org/grobid/core/document/OPSService.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/grobid-core/src/main/java/org/grobid/core/document/OPSService.java b/grobid-core/src/main/java/org/grobid/core/document/OPSService.java
index 1cd78d164d..7b2cf22763 100755
--- a/grobid-core/src/main/java/org/grobid/core/document/OPSService.java
+++ b/grobid-core/src/main/java/org/grobid/core/document/OPSService.java
@@ -116,8 +116,10 @@ public String descriptionRetrieval(String patentNumber) throws IOException,
 spf.setValidating(false);
 spf.setFeature("http://xml.org/sax/features/namespaces", false);
 spf.setFeature("http://xml.org/sax/features/validation", false);
+ spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
 //get a new instance of parser
- XMLReader reader = XMLReaderFactory.createXMLReader();
+ XMLReader reader = spf.newSAXParser().getXMLReader();
 reader.setEntityResolver(new EntityResolver() {
 public InputSource resolveEntity(String publicId, String systemId) {
 return new InputSource(
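Review bot: The two added `setFeature` calls block external general and parameter entities, but DOCTYPE declarations themselves are still accepted, so internal entity expansion and the external DTD subset are left to the JDK's default limits and to the `EntityResolver` installed just below, whose body is outside the hunk. If OPS responses never need a DTD, `spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` is the stricter setting; otherwise add `spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` and `spf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);` next to the new lines. Obtaining the reader from `spf.newSAXParser()` also makes the existing `namespaces=false` setting apply to it, which the `XMLReaderFactory` reader presumably did not pick up, so the content handler should be checked for reliance on `localName` or `uri`. `descriptionRetrieval` starts and ends outside the hunk, so whether its `throws` clause already covers `ParserConfigurationException` cannot be seen here.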