Sigma (SIGMA.xml_external_entity_enabled) in XmlWalker.java: 88 #47

StrongestNumber9 · 2024-06-24T14:17:14Z

Describe the bug

*** CID 1594365:  Sigma  (SIGMA.xml_external_entity_enabled)
/src/main/java/com/teragrep/pth_06/planner/walker/XmlWalker.java: 88 in com.teragrep.pth_06.planner.walker.XmlWalker::fromString(XmlWalker, String)T()
82         public XmlWalker() {
83     
84         }
85     
86         public <T> T fromString(String inXml) throws Exception {
87             Object rv;
>>>     CID 1594365:  Sigma  (SIGMA.xml_external_entity_enabled)
>>>     Java API for XML processing's `DocumentBuilderFactory` or `SAXParserFactory` class has not been configured to prevent expansion of external entities during XML parsing. External entity expansion may cause a server-side request forgery, denial of service, exposure of sensitive data or unwanted server requests.
88             DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
89             DocumentBuilder loader = factory.newDocumentBuilder();
90             Document document = loader.parse(new InputSource(new StringReader(inXml)));
91     
92             DocumentTraversal traversal = (DocumentTraversal) document;
93             LOGGER.info("XmlWalker.fromString incoming:" + inXml);

Software version

3.0.1

The text was updated successfully, but these errors were encountered:

StrongestNumber9 added bug Something isn't working Coverity Issues found by coverity labels Jun 24, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Sigma (SIGMA.xml_external_entity_enabled) in XmlWalker.java: 88 #47

Sigma (SIGMA.xml_external_entity_enabled) in XmlWalker.java: 88 #47

StrongestNumber9 commented Jun 24, 2024

Sigma (SIGMA.xml_external_entity_enabled) in XmlWalker.java: 88 #47

Sigma (SIGMA.xml_external_entity_enabled) in XmlWalker.java: 88 #47

Comments

StrongestNumber9 commented Jun 24, 2024