Do not use external XML entities
ID: typescript-common-security/xml-no-external-entities
Language: TypeScript
Severity: Warning
Category: Security
CWE: 611
Description
Processing external entities in XML files may lead to an XXE (XML External Entity) attack. Do not load external entities unless they have been explicitly checked.
Non-Compliant Code Examples
import libxmljs from 'libxmljs';
import fs from 'fs';
const xml = fs.readFileSync('file.xml', 'utf8');
// noent: true makes the parser substitute entities, including external ones
libxmljs.parseXmlString(xml, {
  noent: true,
});
Compliant Code Examples
import libxmljs from 'libxmljs';
import fs from 'fs';
const xml = fs.readFileSync('file.xml', 'utf8');
// Default options leave noent unset, so entities are not substituted
libxmljs.parseXmlString(xml);
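One way to carry out the explicit check the description asks for, as an added example that is not part of the rule page or of libxmljs: list every declaration with an external identifier and compare it against a reviewed allowlist before any parsing happens. The names `ExternalRef`, `findExternalRefs` and `unapprovedExternalRefs`, the allowlist parameter and the sample document are assumptions made for illustration.

```typescript
// Added example; ExternalRef, findExternalRefs and unapprovedExternalRefs are hypothetical names.
interface ExternalRef {
  declaration: string; // "ENTITY" or "DOCTYPE"
  name: string;        // parameter entities are reported with a leading "%"
  systemId: string;    // URI a parser would fetch if entity loading were enabled
}

// List every declaration that carries an external identifier (SYSTEM or PUBLIC).
function findExternalRefs(xml: string): ExternalRef[] {
  const found: ExternalRef[] = [];
  const decl = /<!(ENTITY|DOCTYPE)\s+(%\s+)?([^\s>\[]+)\s+(SYSTEM|PUBLIC)\s+([^>\[]*)/g;
  let m: RegExpExecArray | null;
  while ((m = decl.exec(xml)) !== null) {
    const literals: string[] = [];
    const quoted = /"([^"]*)"|'([^']*)'/g;
    let q: RegExpExecArray | null;
    while ((q = quoted.exec(m[5])) !== null) {
      literals.push(q[1] !== undefined ? q[1] : q[2]);
    }
    // SYSTEM "uri" has one literal; PUBLIC "pubid" "uri" has two.
    const uri = literals[m[4] === "SYSTEM" ? 0 : 1];
    found.push({
      declaration: m[1],
      name: (m[2] ? "%" : "") + m[3],
      // An unparseable identifier becomes "", which no allowlist entry matches.
      systemId: uri === undefined ? "" : uri,
    });
  }
  return found;
}

// Return the references whose system identifier is not on the reviewed allowlist.
function unapprovedExternalRefs(xml: string, allowedSystemIds: string[]): ExternalRef[] {
  return findExternalRefs(xml).filter((r) => allowedSystemIds.indexOf(r.systemId) === -1);
}

// Constructed sample input (not from the rule page).
const SAMPLE_XML = [
  '<?xml version="1.0"?>',
  '<!DOCTYPE note [',
  '  <!ENTITY greeting "hello">',
  '  <!ENTITY ext SYSTEM "file:///constructed/path/data.txt">',
  '  <!ENTITY % remote PUBLIC "-//EXAMPLE//DTD constructed//EN" "https://dtd.example.invalid/shared.dtd">',
  ']>',
  '<note>&greeting; &ext;</note>',
].join("\n");
```

A caller would run `unapprovedExternalRefs` on the raw document and refuse to parse it when the returned list is non-empty; the check errs on the side of rejection, so declarations that appear inside comments are also reported.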