Do not use external XML entities
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
ID: javascript-common-security/xml-no-external-entities
Language: JavaScript
Severity: Warning
Category: Security
CWE: 611
Description
Process external entities in XML files may lead to XXE attack. Do not load external entities unless they have been explicitly checked.
Non-Compliant Code Examples
var libxmljs = require('libxmljs');
var fs = require('fs');
var xml = fs.readFileSync('file.xml', 'utf8');
libxmljs.parseXmlString(xml, {
noent: true,
});
Compliant Code Examples
var libxmljs = require('libxmljs');
var fs = require('fs');
var xml = fs.readFileSync('file.xml', 'utf8');
libxmljs.parseXmlString(xml);
Seamless integrations. Try Datadog Code Analysis