XML External Entity Injection (Input Validation and Representation, Data Flow)


When I run HP Fortify the following code is given as an XML External Entity injection. Problem line is specified as Error Line. Any help is appreciated.

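import java.io.ByteArrayInputStream;
import java.io.IOException;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

private Document parseXmlString(String stringname, boolean validating) {
    try {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setValidating(validating);

        ByteArrayInputStream is = new ByteArrayInputStream(stringname.getBytes());

        Document doc = factory.newDocumentBuilder().parse(is); // Error Line
        return doc;
    } catch (SAXException e) {
        // A parsing error occurred; the xml input is not valid
    } catch (ParserConfigurationException e) {
        // The factory could not create a parser with this configuration
    } catch (IOException e) {
        // The input could not be read
    }
    return null;
}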

There are 1 answers

Ravi Ranjan On