XML parsing vulnerable to XXE for XPath
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
ID: java-security/xml-parsing-xxe-xpath
Language: Java
Severity: Warning
Category: Security
CWE: 611
Description
Your code may be vulnerable XML if you process XML from an untrusted source. Make sure to enable secure processing when you process XML data.
For DocumentBuilderFactory
, make sure you set XMLConstants.FEATURE_SECURE_PROCESSING
to true.
Learn More
Non-Compliant Code Examples
class MyClass {
public void test() {
DocumentBuilderFactory df = DocumentBuilderFactory.newInstance();
DocumentBuilder builder = df.newDocumentBuilder();
DocumentBuilder db2 = DocumentBuilderFactory.newInstance().newDocumentBuilder();
}
}
Compliant Code Examples
class MyClass {
public void test() {
DocumentBuilderFactory df = DocumentBuilderFactory.newInstance();
df.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
DocumentBuilder builder = df.newDocumentBuilder();
}
}
Seamless integrations. Try Datadog Code Analysis