Fixed JXPath library vulnerability (#1651)

allegro · Jan 19, 2023 · 72ecc5a · 72ecc5a
1 parent d9dfb02
commit 72ecc5a
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/...in/java/pl/allegro/tech/hermes/management/infrastructure/query/graph/JXPathAttribute.java b/...in/java/pl/allegro/tech/hermes/management/infrastructure/query/graph/JXPathAttribute.java
@@ -1,5 +1,6 @@
 package pl.allegro.tech.hermes.management.infrastructure.query.graph;
 
+import org.apache.commons.jxpath.FunctionLibrary;
 import org.apache.commons.jxpath.JXPathContext;
 
 public class JXPathAttribute implements ObjectAttribute {
@@ -15,6 +16,8 @@ public JXPathAttribute(Object target, String path) {
 
     @Override
     public Object value() {
-        return JXPathContext.newContext(target).getValue(path);
+        JXPathContext context = JXPathContext.newContext(target);
+        context.setFunctions(new FunctionLibrary());
+        return context.getValue(path);
     }
 }