You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
*** CID 1594365: Sigma (SIGMA.xml_external_entity_enabled)
/src/main/java/com/teragrep/pth_06/planner/walker/XmlWalker.java: 88 in com.teragrep.pth_06.planner.walker.XmlWalker::fromString(XmlWalker, String)T()
82 public XmlWalker() {
83
84 }
85
86 public <T> T fromString(String inXml) throws Exception {
87 Object rv;
>>> CID 1594365: Sigma (SIGMA.xml_external_entity_enabled)
>>> Java API for XML processing's `DocumentBuilderFactory` or `SAXParserFactory` class has not been configured to prevent expansion of external entities during XML parsing. External entity expansion may cause a server-side request forgery, denial of service, exposure of sensitive data or unwanted server requests.
88 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
89 DocumentBuilder loader = factory.newDocumentBuilder();
90 Document document = loader.parse(new InputSource(new StringReader(inXml)));
91
92 DocumentTraversal traversal = (DocumentTraversal) document;
93 LOGGER.info("XmlWalker.fromString incoming:" + inXml);
Software version
3.0.1
The text was updated successfully, but these errors were encountered:
Describe the bug
Software version
3.0.1
The text was updated successfully, but these errors were encountered: