diff --git a/core/src/main/java/jenkins/util/xml/RestrictiveEntityResolver.java b/core/src/main/java/jenkins/util/xml/RestrictiveEntityResolver.java
index 87079b551e5ff40419a614aafc6edbec4bb99d0d..1cf37c9bd5393cad4ac06b5726df6fc6bb6ffd1a 100644
--- a/core/src/main/java/jenkins/util/xml/RestrictiveEntityResolver.java
+++ b/core/src/main/java/jenkins/util/xml/RestrictiveEntityResolver.java
@@ -1,5 +1,7 @@
package jenkins.util.xml;
+import org.kohsuke.accmod.Restricted;
+import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
@@ -9,9 +11,8 @@ import java.io.IOException;
/**
* An EntityResolver that will fail to resolve any entities.
* Useful in preventing External XML Entity injection attacks.
- *
- * @since TODO
*/
+@Restricted(NoExternalUse.class)
public final class RestrictiveEntityResolver implements EntityResolver {
public final static RestrictiveEntityResolver INSTANCE = new RestrictiveEntityResolver();
diff --git a/core/src/main/java/jenkins/util/xml/XMLUtils.java b/core/src/main/java/jenkins/util/xml/XMLUtils.java
index 5aab9b5567e3fd76477d09e8ad66a44f327f3160..84e6f6151bf6feba4b8589cb3ee4a8bea4d4120d 100644
--- a/core/src/main/java/jenkins/util/xml/XMLUtils.java
+++ b/core/src/main/java/jenkins/util/xml/XMLUtils.java
@@ -1,5 +1,7 @@
package jenkins.util.xml;
+import org.kohsuke.accmod.Restricted;
+import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;
@@ -21,6 +23,7 @@ import javax.xml.transform.sax.SAXTransformerFactory;
/**
* Utilities useful when working with various XML types.
*/
+@Restricted(NoExternalUse.class)
public final class XMLUtils {
private final static Logger LOGGER = LogManager.getLogManager().getLogger(XMLUtils.class.getName());
diff --git a/test/src/test/java/hudson/model/AbstractItemSecurityTest.java b/test/src/test/java/hudson/model/AbstractItemSecurityTest.java
index d9d26d363c496e02c76e63cb0c4496fdd2976162..3054ad3b4fe4b4d9ab7115aa49c229dccbaab591 100644
--- a/test/src/test/java/hudson/model/AbstractItemSecurityTest.java
+++ b/test/src/test/java/hudson/model/AbstractItemSecurityTest.java
@@ -56,22 +56,14 @@ public class AbstractItemSecurityTest {
@Test()
// SECURITY-167
- public void testUpdateByXmlIDoesNotProcessForeignResources() throws Exception {
+ public void testUpdateByXmlDoesNotProcessForeignResources() throws Exception {
final String xml = "\n" +
"\n" +
"]>\n" +
"\n" +
- " \n" +
" &foo;\n" +
- " false\n" +
- " \n" +
" \n" +
- " true\n" +
- " \n" +
- " \n" +
- " \n" +
- " \n" +
"";
FreeStyleProject project = jenkinsRule.createFreeStyleProject("security-167");
@@ -90,19 +82,11 @@ public class AbstractItemSecurityTest {
@Test()
// SECURITY-167
- public void testhamyXmlIDoesNotFail() throws Exception {
+ public void testUpdateByXmlDoesNotFail() throws Exception {
final String xml = "\n" +
"\n" +
- " \n" +
" &\n" +
- " false\n" +
- " \n" +
" \n" +
- " true\n" +
- " \n" +
- " \n" +
- " \n" +
- " \n" +
"";
FreeStyleProject project = jenkinsRule.createFreeStyleProject("security-167");