XML External Entity Injection (Input Validation and Representation, Data Flow)

Question

XML External Entity Injection (Input Validation and Representation, Data Flow)

1.6k views Asked by Jagadish Sharma U At 23 November 2024 at 13:57

When I run HP fortify the following code is given as a XML External Entity injection.Problem line is specified as Error Line.Any Help is appreciated.

private Document parseXmlString(String stringname, boolean validating) {
        try {

            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            factory.setValidating(validating);

            ByteArrayInputStream is = new ByteArrayInputStream(stringname.getBytes());


            Document doc = factory.newDocumentBuilder().parse(is);//Error Line
                return doc;
            } catch (SAXException e) {
                // A parsing error occurred; the xml input is not valid
            } catch (ParserConfigurationException e) {

            } catch (IOException e) {
            }
            return null;
    }

Original Q&A

There are 1 answers

**Ravi Ranjan** · Answer 1 · 2015-08-24 09:23:50

Ravi Ranjan On 24 August 2015 at 09:23

I hope this is what you are looking for: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing

TechQA.

XML External Entity Injection (Input Validation and Representation, Data Flow)

There are 1 answers

Related Questions in JAVA

Related Questions in XML

Related Questions in DOM

Related Questions in XML-PARSING

Related Questions in XMLDOCUMENT

Popular Questions

Popular Tags

Trending Questions