Do not use external XML entities


Metadata

ID: typescript-common-security/xml-no-external-entities

Language: TypeScript

Severity: Warning

Category: Security

CWE: 611

Description

Processing external entities in XML files may lead to XXE attacks. Do not load external entities unless they have been explicitly checked.

Non-Compliant Code Examples

import libxmljs from 'libxmljs';
import fs from 'fs';

const xml = fs.readFileSync('file.xml', 'utf8');
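libxmljs.parseXmlString(xml, {
    // noent: true turns on entity substitution, so external entities declared in the file are processed
    noent: true,
});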

Compliant Code Examples

import libxmljs from 'libxmljs';
import fs from 'fs';

const xml = fs.readFileSync('file.xml', 'utf8');
// noent is not set, so the parser is not asked to substitute entities
libxmljs.parseXmlString(xml);
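
The description allows external entities only when they have been explicitly checked. One way to run that check before parsing, as an added example that is not part of the Datadog rule or of libxmljs: `findExternalRefs`, `parseChecked`, the allowlist parameter and the sample documents are assumptions constructed for illustration. The scan is deliberately conservative and does not strip comments or CDATA first, so a declaration that only appears inside one is still reported rather than missed.

```typescript
// Added example: a pre-parse check, not Datadog's or libxmljs's own code.
interface ExternalRef {
  kind: 'doctype' | 'entity'; // where the external identifier is declared
  name: string;               // root element name or entity name
  systemId: string;           // URI a resolving parser would be asked to fetch
}

// External identifier: SYSTEM "uri"  or  PUBLIC "pubid" "uri" (either quote style).
const DOCTYPE_EXT = /<!DOCTYPE\s+([^\s\[>]+)\s+(?:SYSTEM|PUBLIC\s+(?:"[^"]*"|'[^']*'))\s*(?:"([^"]*)"|'([^']*)')/g;
// Covers general entities and parameter entities (<!ENTITY % name ...>).
const ENTITY_EXT = /<!ENTITY\s+(?:%\s+)?(\S+)\s+(?:SYSTEM|PUBLIC\s+(?:"[^"]*"|'[^']*'))\s*(?:"([^"]*)"|'([^']*)')/g;

function scan(xml: string, re: RegExp, kind: ExternalRef['kind'], out: ExternalRef[]): void {
  re.lastIndex = 0; // the regexes are global, so reset state between calls
  let m: RegExpExecArray | null;
  while ((m = re.exec(xml)) !== null) {
    out.push({ kind, name: m[1] ?? '', systemId: m[2] ?? m[3] ?? '' });
  }
}

// Lists every external DTD and external entity declared in the document text.
function findExternalRefs(xml: string): ExternalRef[] {
  const found: ExternalRef[] = [];
  scan(xml, DOCTYPE_EXT, 'doctype', found);
  scan(xml, ENTITY_EXT, 'entity', found);
  return found;
}

// Gate in front of the parser. `parse` stands in for a call such as
// libxmljs.parseXmlString(xml) (assumption: supplied by the caller).
function parseChecked<T>(xml: string, parse: (xml: string) => T, allowedSystemIds: string[] = []): T {
  const blocked = findExternalRefs(xml).filter(r => allowedSystemIds.indexOf(r.systemId) === -1);
  if (blocked.length > 0) {
    const detail = blocked.map(r => `${r.kind} ${r.name} -> ${r.systemId}`).join(', ');
    throw new Error('external XML references are not on the allowlist: ' + detail);
  }
  return parse(xml);
}

// Constructed sample documents (not from the page).
const SAMPLE_EXTERNAL = `<?xml version="1.0"?>
<!DOCTYPE note [
  <!ENTITY footer SYSTEM "https://example.invalid/footer.txt">
  <!ENTITY % ext PUBLIC "-//EXAMPLE//DTD X//EN" 'https://example.invalid/x.dtd'>
  <!ENTITY local "inline text">
]>
<note>&footer;</note>`;
const SAMPLE_INTERNAL = `<?xml version="1.0"?>
<!DOCTYPE note [ <!ENTITY local "inline text"> ]>
<note>&local;</note>`;
```

The check operates on an already decoded string and complements the parser settings; it does not replace leaving `noent` unset.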