chore: fixed Sonar issue

solidify-xml/src/main/java/ch/unige/solidify/util/XMLTool.java

@@ -486,8 +486,17 @@ public class XMLTool {
   private static void setSecureParameters(DocumentBuilderFactory factory) throws ParserConfigurationException {
     // Disable external resources
     try {
+      // to be compliant, completely disable DOCTYPE declaration:
+      factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+      // or completely disable external entities declarations:
+      factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+      factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+      // or prohibit the use of all protocols by external entities:
       factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
       factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
+      // or disable entity expansion but keep in mind that this doesn't prevent fetching external entities
+      // and this solution is not correct for OpenJDK < 13 due to a bug: https://bugs.openjdk.java.net/browse/JDK-8206132
+      factory.setExpandEntityReferences(false);
     } catch (IllegalArgumentException e) {
       log.warn("Cannot disable external access: {}", e.getMessage());
     }