XML parsing vulnerable to XXE for XML Reader
This product is not supported for your selected
Datadog site. (
).
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
ID: java-security/xml-parsing-xxe-xmlreader
Language: Java
Severity: Warning
Category: Security
CWE: 611
Description
Your code may be vulnerable XML if you process XML from an untrusted source.
Make sure to enable secure processing when you process XML data by setting XMLConstants.FEATURE_SECURE_PROCESSING
to true.
Learn More
Non-Compliant Code Examples
class MyClass {
public void test() {
XMLReader reader = XMLReaderFactory.createXMLReader();
reader.setContentHandler(customHandler);
reader.parse(new InputSource(inputStream));
}
}
Compliant Code Examples
class MyClass {
public void test() {
XMLReader reader = XMLReaderFactory.createXMLReader();
reader.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
reader.setContentHandler(customHandler);
reader.parse(new InputSource(inputStream));
}
}
Seamless integrations. Try Datadog Code Security