From 29b29f94dd125e36f7f09e765d3503519a83a1d0 Mon Sep 17 00:00:00 2001
From: Jeremy Landis
Date: Wed, 25 Sep 2024 19:53:15 -0400
Subject: [PATCH] Fix code scanning alert no. 4: Resolving XML external entity in user-controlled data
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/main/java/com/ibatis/common/xml/NodeletParser.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/com/ibatis/common/xml/NodeletParser.java b/src/main/java/com/ibatis/common/xml/NodeletParser.java
index 86b7813d..cf6f754e 100644
--- a/src/main/java/com/ibatis/common/xml/NodeletParser.java
+++ b/src/main/java/com/ibatis/common/xml/NodeletParser.java
@@ -254,7 +254,7 @@ private Document createDocument(InputStream inputStream)
 factory.setIgnoringComments(true);
 factory.setIgnoringElementContentWhitespace(false);
 factory.setCoalescing(false);
- factory.setExpandEntityReferences(true);
+ factory.setExpandEntityReferences(false);
 DocumentBuilder builder = factory.newDocumentBuilder();
 builder.setEntityResolver(entityResolver);
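Review bot: `factory.setExpandEntityReferences(false)` only controls whether entity references are expanded into the resulting DOM tree; it is not a documented control for stopping the parser from reading the DOCTYPE or loading external entities, so on its own it may clear the scanner alert without closing the XXE path. Because these documents appear to rely on a DOCTYPE (an `entityResolver` is installed two lines below), the external-entity features should be disabled explicitly before `newDocumentBuilder()`: `factory.setFeature("http://xml.org/sax/features/external-general-entities", false);`, `factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);` and `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);`. It is also worth confirming that the resolver rejects unknown system IDs rather than falling back to default resolution, and that no existing configuration file depends on internal entities being expanded into text, since they would now stay as EntityReference nodes. The body of createDocument starts and ends outside this hunk, so any hardening elsewhere in the method is not visible here.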