TechQA.

XML External Entity Injection (Input Validation and Representation, Data Flow)

1.6k views Asked by At

When I run HP fortify the following code is given as a XML External Entity injection.Problem line is specified as Error Line.Any Help is appreciated.

private Document parseXmlString(String stringname, boolean validating) {
        try {

            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            factory.setValidating(validating);

            ByteArrayInputStream is = new ByteArrayInputStream(stringname.getBytes());


            Document doc = factory.newDocumentBuilder().parse(is);//Error Line
                return doc;
            } catch (SAXException e) {
                // A parsing error occurred; the xml input is not valid
            } catch (ParserConfigurationException e) {

            } catch (IOException e) {
            }
            return null;
    }
java xml dom xml-parsing xmldocument
Original Q&A
1

There are 1 answers

0
Ravi Ranjan On

Related Questions in JAVA

Related Questions in XML

Related Questions in DOM

Related Questions in XML-PARSING

Related Questions in XMLDOCUMENT

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions