perf: make validation more secure

Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

cyclonedx/validation/xml.py

@@ -65,11 +65,16 @@ def _validata_data(self, data: Any) -> Optional[ValidationError]:
 
         __validator: Optional['XMLSchema'] = None
 
-        __xml_parser = XMLParser(
-            resolve_entities=False,
-            no_network=True,
-            huge_tree=True,
-            compact=True)
+        @property
+        def __xml_parser(self) -> XMLParser:
+            return XMLParser(
+                attribute_defaults=False, dtd_validation=False, load_dtd=False,
+                no_network=True,
+                resolve_entities=False,
+                huge_tree=True,
+                compact=True,
+                recover=False
+            )
 
         @property
         def _validator(self) -> 'XMLSchema':