This rule flags XML parsers that are configured to resolve external entities. When a parser resolves external entities, attacker-controlled XML can declare an entity whose system identifier points at a local file or a URL, and the parser will read that resource and substitute it into the document. This is an XML External Entity (XXE) attack: it can disclose sensitive files, make the application issue requests on the attacker's behalf (server-side request forgery), or exhaust resources through recursive entity expansion. Keeping external entity resolution disabled removes the whole class of issue.
On Foundation's NSXMLParser (XMLParser in Swift 3 and later) the shouldResolveExternalEntities property defaults to false, so a parser that never touches it is already safe. The property should be left unset or set explicitly to false; the only non-compliant pattern is parser.shouldResolveExternalEntities = true. Enabling it tells the parser to fetch and inline any external resource the DTD references, which is exactly the behaviour an attacker needs.
To comply with this rule, make sure no parser instance sets shouldResolveExternalEntities to true. Either omit the property (it is disabled by default) or write parser.shouldResolveExternalEntities = false so the intent is visible in review. Treat XML from untrusted sources (uploads, webhooks, third-party APIs) as hostile: keep resolution off, and prefer to reject documents that declare external entities at all rather than relying on the parser to silently drop them.
```swift
import Foundation

// Compliant: the parser never enables external entity resolution, so the default (off) applies.
class XXEViewController: ViewController, NSXMLParserDelegate {
    func test(xml: String) {
        let parser = NSXMLParser(data: xml.dataUsingEncoding(NSUTF8StringEncoding)!)
        parser.delegate = self
        // ok: good xxe (external entities resolution disabled by default)
        parser.parse()
    }
}
```
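The rule's compliant sample above only relies on the default. The following is an added example, written for this page and not part of the Datadog rule or of any project's code, showing the hardened configuration a practitioner would actually ship for untrusted input using the current XMLParser API: it sets shouldResolveExternalEntities to false explicitly, additionally sets externalEntityResolvingPolicy to .never so the underlying parser may not load any external resource, and uses the delegate callbacks to detect and reject documents that declare external entities at all. The class name HardenedXMLDelegate, the function parseUntrustedXML and the sample documents are assumptions of this example; the non-compliant variant differs only in writing parser.shouldResolveExternalEntities = true.

```swift
import Foundation

/// Collects text content while refusing to resolve external entities.
/// Added example: the type and function names here are not from the rule page.
final class HardenedXMLDelegate: NSObject, XMLParserDelegate {
    private(set) var text = ""
    private(set) var externalEntityDeclarations: [(name: String, systemID: String?)] = []
    private(set) var parseError: Error?

    func parser(_ parser: XMLParser, foundCharacters string: String) {
        text += string
    }

    // Called when the DTD declares an external entity, e.g.
    //   <!ENTITY xxe SYSTEM "file:///etc/passwd">
    // Recording the declaration lets the caller reject the whole document
    // instead of trusting the parser to drop the reference quietly.
    func parser(_ parser: XMLParser, foundExternalEntityDeclarationWithName name: String,
                publicID: String?, systemID: String?) {
        externalEntityDeclarations.append((name: name, systemID: systemID))
    }

    // Defence in depth: if a future change re-enabled resolution, the delegate
    // still hands back no data for any external entity.
    func parser(_ parser: XMLParser, resolveExternalEntityName name: String, systemID: String?) -> Data? {
        return nil
    }

    func parser(_ parser: XMLParser, parseErrorOccurred parseError: Error) {
        self.parseError = parseError
    }
}

enum XMLParseResult {
    case ok(text: String)
    case rejected(reason: String)
}

/// Parses XML from an untrusted source with external entity resolution disabled.
func parseUntrustedXML(_ xml: String) -> XMLParseResult {
    guard let data = xml.data(using: .utf8) else {
        return .rejected(reason: "input is not valid UTF-8")
    }

    let parser = XMLParser(data: data)
    // Primary control (also the default): never resolve external entities.
    parser.shouldResolveExternalEntities = false
    // Belt and braces: forbid the parser from loading any external resource.
    parser.externalEntityResolvingPolicy = .never

    let delegate = HardenedXMLDelegate()
    parser.delegate = delegate          // XMLParser holds the delegate weakly; keep it alive here
    let completed = parser.parse()

    if !delegate.externalEntityDeclarations.isEmpty {
        let names = delegate.externalEntityDeclarations.map { $0.name }.joined(separator: ", ")
        return .rejected(reason: "document declares external entities: \(names)")
    }
    if !completed {
        let detail = delegate.parseError.map { "\($0)" } ?? "unknown error"
        return .rejected(reason: "parse failed: \(detail)")
    }
    return .ok(text: delegate.text)
}

// Constructed sample inputs for this example (not from the page).
let benignDocument = "<note><to>ops</to><body>deploy at 10:00</body></note>"
let xxeDocument = """
<?xml version="1.0"?>
<!DOCTYPE note [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<note><body>&xxe;</body></note>
"""

print(parseUntrustedXML(benignDocument))
print(parseUntrustedXML(xxeDocument))
```

The benign document yields its concatenated text; the XXE document is rejected because the delegate saw an external entity declaration, regardless of whether the parser would have fetched it. Rejecting on declaration is deliberate: a document that carries a DTD with external entities has no legitimate reason to arrive from an untrusted client, and failing closed is simpler to audit than reasoning about what the parser substitutes for an unresolved reference.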