refactor: Java Security Ultimate Scan 2023

client/src/main/java/org/asynchttpclient/webdav/WebDavCompletionHandlerBase.java

@@ -76,6 +76,13 @@ public final State onHeadersReceived(final HttpHeaders headers) {
 
   private Document readXMLResponse(InputStream stream) {
     DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+    String FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";
+    try {
+      factory.setFeature(FEATURE, true);
+    } catch (ParserConfigurationException e) {
+      throw new IllegalStateException("ParserConfigurationException was thrown. The feature '"
+              + FEATURE + "' is not supported by your XML processor.", e);
+    }
     Document document;
     try {
       document = factory.newDocumentBuilder().parse(stream);

client/src/test/java/org/asynchttpclient/request/body/multipart/MultipartUploadTest.java

@@ -105,7 +105,7 @@ public void testSendingSmallFilesAndByteArray() throws Exception {
     gzipped.add(true);
     gzipped.add(false);
 
-    File tmpFile = File.createTempFile("textbytearray", ".txt");
+    File tmpFile = Files.createTempFile("textbytearray", ".txt").toFile();
     try (OutputStream os = Files.newOutputStream(tmpFile.toPath())) {
       IOUtils.write(expectedContents.getBytes(UTF_8), os);
 
@@ -380,8 +380,7 @@ public void service(HttpServletRequest request, HttpServletResponse response)
               } else {
                 LOGGER.debug("File field " + name + " with file name " + item.getName() + " detected.");
                 // Process the input stream
-                File tmpFile = File.createTempFile(UUID.randomUUID().toString() + "_MockUploadServlet",
-                        ".tmp");
+                File tmpFile = Files.createTempFile(UUID.randomUUID().toString() + "_MockUploadServlet", ".tmp").toFile();
                 tmpFile.deleteOnExit();
                 try (OutputStream os = Files.newOutputStream(tmpFile.toPath())) {
                   byte[] buffer = new byte[4096];

client/src/test/java/org/asynchttpclient/test/TestUtils.java

@@ -120,7 +120,7 @@ public static File resourceAsFile(String path) throws URISyntaxException, IOExce
     if (uri.isAbsolute() && !uri.isOpaque()) {
       return new File(uri);
     } else {
-      File tmpFile = File.createTempFile("tmpfile-", ".data", TMP_DIR);
+      File tmpFile = Files.createTempFile(TMP_DIR.toPath(), "tmpfile-", ".data").toFile();
       tmpFile.deleteOnExit();
       try (InputStream is = cl.getResourceAsStream(path)) {
         FileUtils.copyInputStreamToFile(is, tmpFile);
@@ -131,7 +131,7 @@ public static File resourceAsFile(String path) throws URISyntaxException, IOExce
 
   public static File createTempFile(int approxSize) throws IOException {
     long repeats = approxSize / TestUtils.PATTERN_BYTES.length + 1;
-    File tmpFile = File.createTempFile("tmpfile-", ".data", TMP_DIR);
+    File tmpFile = Files.createTempFile(TMP_DIR.toPath(), "tmpfile-", ".data").toFile();
     tmpFile.deleteOnExit();
     try (OutputStream out = Files.newOutputStream(tmpFile.toPath())) {
       for (int i = 0; i < repeats; i++) {

extras/simple/src/test/java/org/asynchttpclient/extras/simple/SimpleAsyncHttpClientTest.java

@@ -24,6 +24,7 @@
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.File;
+import java.nio.file.Files;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -113,7 +114,7 @@ public void testPutZeroBytesFileTest() throws Exception {
             .setRequestTimeout(5 * 1000)
             .setUrl(getTargetUrl() + "/testPutZeroBytesFileTest.txt")
             .setHeader("Content-Type", "text/plain").build()) {
-      File tmpfile = File.createTempFile("testPutZeroBytesFile", ".tmp");
+      File tmpfile = Files.createTempFile("testPutZeroBytesFile", ".tmp").toFile();
       tmpfile.deleteOnExit();
 
       Future<Response> future = client.put(new FileBodyGenerator(tmpfile));