From 2ab92a940bf5ab781ad71f6d3bef80fa3cd33aed Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Sun, 16 Jul 2017 13:15:23 -0400
Subject: [PATCH] updates to resolve issue #801
---
 .../java/org/owasp/dependencycheck/xml/XmlInputStream.java | 3 ++-
 .../java/org/owasp/dependencycheck/xml/pom/PomUtilsTest.java | 2 +-
 dependency-check-core/src/test/resources/jmockit-1.26.pom | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/XmlInputStream.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/XmlInputStream.java
index f981c228b..cec6f0407 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/XmlInputStream.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/XmlInputStream.java
@@ -159,7 +159,8 @@ public class XmlInputStream extends FilterInputStream {
 // Keep it.
 pushBack.append(code);
 } else {
- throw new IOException("Invalid/Unknown reference '&" + reference + ";'");
+ // invalid entity. Encode the & and append the sequence of chars.
+ pushBack.append("&").append(reference).append((char) ch);
 }
 } else {
 // Did not terminate properly!
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/pom/PomUtilsTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/pom/PomUtilsTest.java
index 879e1217f..c2f05452c 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/pom/PomUtilsTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/pom/PomUtilsTest.java
@@ -49,7 +49,7 @@ public class PomUtilsTest extends BaseTest {
 assertEquals(expResult, result.getOrganizationUrl());
 file = BaseTest.getResourceAsFile(this, "jmockit-1.26.pom");
- expResult = "Main ø modified to test issue #710";
+ expResult = "Main ø modified to test issue #710 and #801 (&s;)";
 result = PomUtils.readPom(file);
 assertEquals(expResult, result.getName());
 }
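Review bot: In XmlInputStream.java, the new else branch's comment says the `&` is encoded, but as rendered here the code appends a bare `&`, which would hand the unknown reference (`&s;`) to the XML parser unchanged as an undeclared entity; the PomUtilsTest expectation of a literal `(&s;)` only holds if the ampersand is escaped. Unless the page rendering has simply decoded the literal, the line should read `pushBack.append("&amp;").append(reference).append((char) ch);`. Malformed references in POM files are now accepted silently where an IOException was raised before, so a debug-level log of the unrecognised reference would keep the condition visible, and the parser reading this stream should still have DTDs and external entities disabled. The enclosing method starts and ends outside the hunk, so the value of `ch` at this point (presumably `;`) cannot be confirmed from here.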
diff --git a/dependency-check-core/src/test/resources/jmockit-1.26.pom b/dependency-check-core/src/test/resources/jmockit-1.26.pom
index 3faac78be..9a2fef310 100644
--- a/dependency-check-core/src/test/resources/jmockit-1.26.pom
+++ b/dependency-check-core/src/test/resources/jmockit-1.26.pom
@@ -7,7 +7,7 @@ org.jmockitjmockit1.26 jar
- Main ø modified to test issue #710
+ Main ø modified to test issue #710 and #801 (&s;)
 JMockit is a Java toolkit for automated developer testing. It contains mocking and faking APIs and a code coverage tool, supporting both JUnit and TestNG.