Secure SAXParser (#47)

Author: carlosthe19916

core/src/main/java/io/github/project/openubl/xsender/files/xml/XmlContentProvider.java

@@ -36,10 +36,12 @@ public static XmlContent getSunatDocument(InputStream is) throws ParserConfigura
         XmlHandler handler = new XmlHandler();
 
         SAXParserFactory factory = SAXParserFactory.newInstance();
+        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
         factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
         factory.setNamespaceAware(true);
 
         SAXParser parser = factory.newSAXParser();
+        parser.getXMLReader().setFeature("http://xml.org/sax/features/external-general-entities", false);
         parser.parse(is, handler);
 
         return handler.getModel();