XML外部实体注入(输入验证和表示,数据流)

时间:2015-06-08 10:59:00

标签: java xml dom xml-parsing xmldocument

当我运行HP fortify时,以下代码作为XML外部实体注入.Problem行被指定为错误行。感谢任何帮助。

private Document parseXmlString(String stringname, boolean validating) {
        try {

            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            factory.setValidating(validating);

            ByteArrayInputStream is = new ByteArrayInputStream(stringname.getBytes());


            Document doc = factory.newDocumentBuilder().parse(is);//Error Line
                return doc;
            } catch (SAXException e) {
                // A parsing error occurred; the xml input is not valid
            } catch (ParserConfigurationException e) {

            } catch (IOException e) {
            }
            return null;
    }

1 个答案:

答案 0 :(得分:0)

我希望这就是你要找的东西: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing

相关问题
最新问题