Do not use external XML entities

Metadata

ID: typescript-common-security/xml-no-external-entities

Language: TypeScript

Severity: Warning

Category: Security

CWE: 611

Description

Process external entities in XML files may lead to XXE attack. Do not load external entities unless they have been explicitly checked.

Non-Compliant Code Examples

import libxmljs from 'libxmljs';
import fs from 'fs';

const xml = fs.readFileSync('file.xml', 'utf8');
libxmljs.parseXmlString(xml, {
    noent: true,
});

Compliant Code Examples

import libxmljs from 'libxmljs';
import fs from 'fs';

const xml = fs.readFileSync('file.xml', 'utf8');
libxmljs.parseXmlString(xml);
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis