Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabilities in Java applications and third-party components through passive instrumentation. It is particularly suitable for use in the testing phase of the development pipeline.
Preflight Checklist
Version
1.14.0
Installation Type
Other (specify below)
Service Name
DongTai-agent-java
Describe the details of the bug and the steps to reproduce it
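This is the demo method I use with the Unmarshaller interface. After setting xif.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, ""); the access is blocked, but it seems XXEChecker does not get the configuration it needs, which leads to a false positive.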
Additional Information
Also, after modularization in JDK 9, some reflection cannot be used when --illegal-access is not set, and in that case XXEChecker is also ineffective: module java.xml does not "opens com.sun.org.apache.xerces.internal.parsers" to unnamed module
Logs
No response
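The two conditions described in the report can be checked independently of the agent. The following is an added example, not code from the report or from the DongTai project: the class and method names are hypothetical, and it assumes JDK 9 or later with the JDK's built-in StAX implementation.

```java
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.XMLConstants;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class XxeConfigCheck { // hypothetical name, not part of DongTai
    // Package named in the error message quoted in the report.
    static final String XERCES_PKG = "com.sun.org.apache.xerces.internal.parsers";

    /** True if a factory hardened as in the report refuses the external entity. */
    static boolean externalAccessBlocked() throws java.io.IOException {
        // Constructed sample input: the entity points at a temp file created here,
        // so an unhardened parser would read it and the parse would complete.
        Path marker = Files.createTempFile("xxe-demo", ".txt");
        Files.write(marker, "marker".getBytes());
        String xml = "<!DOCTYPE r [<!ENTITY x SYSTEM \"" + marker.toUri() + "\">]>"
                   + "<r>&x;</r>";
        XMLInputFactory xif = XMLInputFactory.newInstance();
        xif.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, ""); // setting from the report
        try {
            // With JAXB, this reader is what would be handed to Unmarshaller.unmarshal(...).
            XMLStreamReader reader = xif.createXMLStreamReader(new StringReader(xml));
            while (reader.hasNext()) reader.next();
            return false; // parse completed: the entity was resolved
        } catch (XMLStreamException e) {
            return true;  // parser rejected the external reference
        } finally {
            Files.deleteIfExists(marker);
        }
    }

    /** True if java.xml opens the Xerces parser package to this class's module. */
    static boolean xercesInternalsOpen() {
        Module javaXml = XMLInputFactory.class.getModule();
        return javaXml.isOpen(XERCES_PKG, XxeConfigCheck.class.getModule());
    }

    public static void main(String[] args) throws Exception {
        System.out.println("external access blocked: " + externalAccessBlocked());
        if (!xercesInternalsOpen()) {
            // Reflection into this package would fail with the error quoted in the report.
            System.out.println("java.xml does not open " + XERCES_PKG + "; to permit "
                + "reflective inspection start the JVM with --add-opens java.xml/"
                + XERCES_PKG + "=ALL-UNNAMED");
        }
    }
}
```

If the first check prints true while a scanner still reports XXE for the same factory, the finding is a false positive for that code path.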