XML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. The XML parser can access the contents of this URI and embed these contents back into the XML document for further processing. the attacker can force the application to make outgoing requests to servers that the attacker cannot reach directly, which can be used to bypass firewall restrictions or hide the source of attacks such as port scanning.
Following my snippet of code for that Veracode plugin showing error please help me how I can bypass this check.
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setValidating(true);
dbf.setNamespaceAware(true);
try {
FEATURE = "http://apache.org/xml/features/nonvalidating/load-external-dtd";
dbf.setFeature(FEATURE, true);
DocumentBuilder db = dbf.newDocumentBuilder();
inputStream = new BufferedInputStream(new
FileInputStream(sourceFile.getSourceFile()));
Document doc = db.parse(inputStream);```