XML parsing vulnerable to XXE for SAX Parsers
This product is not supported for your selected
Datadog site. (
).
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
ID: java-security/xml-parsing-xxe-saxparser
Language: Java
Severity: Warning
Category: Security
CWE: 611
Description
Your code may be vulnerable XML if you process XML from an untrusted source.
Make sure to enable secure processing when you process XML data by setting XMLConstants.FEATURE_SECURE_PROCESSING
to true.
Learn More
Non-Compliant Code Examples
class MyClass {
public void test() {
SAXParser parser = SAXParserFactory.newInstance().newSAXParser();
parser.parse(inputStream, customHandler);
SAXParserFactory spf2 = SAXParserFactory.newInstance();
SAXParser parser = spf2.newSAXParser();
}
}
Compliant Code Examples
class MyClass {
public void test() {
SAXParserFactory spf = SAXParserFactory.newInstance();
spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
SAXParser parser = spf.newSAXParser();
}
}
Seamless integrations. Try Datadog Code Security