fix(vulnerability): address possible failures/vulnerability (#66)

Author: carlosthe19916

core/src/main/java/io/github/project/openubl/xsender/camel/routes/RestSunatResponseProcessor.java

@@ -66,7 +66,7 @@ public void process(Exchange exchange) throws Exception {
 
                 Metadata metadata = Metadata.builder()
                         .responseCode(responseErrorCode.map(Integer::parseInt).orElse(statusCode))
-                        .description(responseErrorDescription.orElseGet(null))
+                        .description(responseErrorDescription.orElse(null))
                         .notes(Collections.emptyList())
                         .build();
 

core/src/main/java/io/github/project/openubl/xsender/utils/ByteUtils.java

@@ -53,7 +53,13 @@ public static byte[] getFirstXmlFileFromZip(byte[] data) throws IOException {
 
     public static Document getDocumentFromBytes(byte[] cdrXml) throws ParserConfigurationException, IOException, SAXException {
         DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+
+        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
         factory.setNamespaceAware(true);
+
         DocumentBuilder builder = factory.newDocumentBuilder();
         return builder.parse(new ByteArrayInputStream(cdrXml));
     }