[BUG] XXEChecker对Unmarshaller无效

Preflight Checklist

[x] I agree to follow the Code of Conduct that this project adheres to.
[X] I have searched the issue tracker for an issue that matches the one I want to file, without success.
[X] I am not looking for support or already pursued the available support channels without success.

Version

1.14.0

Installation Type

Other (specify below)

Service Name

DongTai-agent-java

Describe the details of the bug and the steps to reproduce it

这是我使用的Unmarshalleer接口demo方法，设置 xif.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");后是有被阻断的，但似乎在XXEChecker没有获取到所需配置导致误报

            JAXBContext context = JAXBContext.newInstance(Student.class);
            Unmarshaller unmarshaller = context.createUnmarshaller();

            XMLInputFactory xif = XMLInputFactory.newFactory();
            // fixed: 禁用外部实体
             xif.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
//             xif.setProperty(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");

            // 默认情况下在1.8版本上不能加载外部dtd文件，需要更改设置。
             xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
             xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);
            XMLStreamReader xsr = xif.createXMLStreamReader(new StringReader(content));
            Object o = unmarshaller.unmarshal(xsr);

Additional Information

且在JDK9模块化后，在不使用--illegal-access的情况下会出现部分反射没法用，此时XXEChecker也处于无效状态 module java.xml does not "opens com.sun.org.apache.xerces.internal.parsers" to unnamed module

Logs

No response

HXSecurity / DongTai

[BUG] XXEChecker对Unmarshaller无效 #1912