in function/java11/src/main/java/com/amazon/s3objectlambda/response/ResponseUtil.java [28:64]
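/**
 * Extracts the text of the first element named {@code attribute} from an S3 XML error response.
 *
 * <p>The parser is hardened against XML External Entity (XXE) processing before any input is
 * read: DOCTYPE declarations are rejected, external general and parameter entities are disabled,
 * and XInclude and entity-reference expansion are switched off. See
 * https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing
 *
 * <p>The method fails closed: if the hardening features cannot be applied, the input is not
 * parsed at all and {@code null} is returned.
 *
 * @param errorResponse the XML error document as a string; {@code null} yields {@code null}
 * @param attribute the tag name of the element whose text content is wanted
 * @return the text content of the first matching element, or {@code null} when the input is
 *     {@code null}, the parser cannot be configured safely, the document cannot be parsed,
 *     or no element with that tag name exists
 */
public static String getAttributeFromS3ErrorResponse(String errorResponse, String attribute) {
    if (errorResponse == null) {
        // Nothing to parse; new StringReader(null) would throw a NullPointerException.
        return null;
    }

    var factory = DocumentBuilderFactory.newInstance();
    DocumentBuilder builder;
    try {
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        builder = factory.newDocumentBuilder();
    } catch (ParserConfigurationException e) {
        // Fail closed: a parser that rejected a hardening feature must never see the response
        // body, otherwise the XXE protections above would be silently skipped.
        // NOTE(review): printStackTrace is kept because no logger is visible in this excerpt;
        // route this through the project's logger if one exists.
        e.printStackTrace();
        return null;
    }

    Document errorResponseDocument;
    try {
        errorResponseDocument = builder.parse(new InputSource(new StringReader(errorResponse)));
    } catch (SAXException | IOException e) {
        // Malformed XML, or a document rejected by the hardening (e.g. it carries a DOCTYPE).
        e.printStackTrace();
        return null;
    }

    var matches = errorResponseDocument.getElementsByTagName(attribute);
    // item(0) is null when the tag is absent; report that as null instead of throwing.
    var first = matches.item(0);
    return first == null ? null : first.getTextContent();
}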