URL configurlURL = new URL(configurl.toString()); // validate
String domainConfig = get(configurl.toString(), headers, null);
// find and get the schema file from the reference url
Document doc = null;
try (StringReader sr = new StringReader(domainConfig)) {
    doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(new InputSource(sr));
}
Fullstack Guy
- XML parser configured in line 4 does not prevent nor limit external entities resolution. This can expose the parser to an XML External Entities attack. Using XML parsers configured to not prevent nor limit external entities resolution can expose the parser to an XML External Entities attack. – Prasad Lengare Jan 22 '19 at 07:09
- Issue raised by the HP Fortify scan tool. – Prasad Lengare Jan 22 '19 at 07:10
- Already referred to this link but unable to solve it: https://stackoverflow.com/questions/42125189/hp-fortify-xml-external-entity-injection – Prasad Lengare Jan 22 '19 at 07:11
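
The finding quoted in the comments concerns a `DocumentBuilderFactory` left at its defaults. The following is an added example, not part of the original question or of any answer to it: it shows the same `parse` call with DOCTYPE declarations and external entity resolution disabled. It assumes the JDK's built-in JAXP parser (Java 8 or later); the class name, the `parseUntrusted` helper and both sample documents are constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public class HardenedXmlParse {

    // Hypothetical helper: parses untrusted XML with DTDs and external entities disabled.
    static Document parseUntrusted(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Reject any DOCTYPE outright; without a DTD no entity can be declared.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Defence in depth: allow no protocols for external DTDs or schemas.
        dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);

        DocumentBuilder db = dbf.newDocumentBuilder();
        try (StringReader sr = new StringReader(xml)) {
            return db.parse(new InputSource(sr));
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs, not taken from the original question.
        String plain = "<config><schema>domain.xsd</schema></config>";
        String withDoctype =
                "<!DOCTYPE config [<!ENTITY ext SYSTEM \"file:///constructed-placeholder\">]>"
                + "<config>&ext;</config>";

        Document doc = parseUntrusted(plain);
        System.out.println("plain document root: " + doc.getDocumentElement().getNodeName());

        try {
            parseUntrusted(withDoctype);
            System.out.println("DOCTYPE document was parsed (parser is NOT hardened)");
        } catch (SAXException e) {
            // The hardened factory refuses the document before any entity is resolved.
            System.out.println("DOCTYPE document rejected: " + e.getMessage());
        }
    }
}
```

If the application has a third-party parser implementation on the classpath, `setAttribute` with the `ACCESS_EXTERNAL_*` properties may throw `IllegalArgumentException`; in that case the `disallow-doctype-decl` feature is the setting to verify first.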