To fix the problem, we need to disable the expansion of external entities by setting setExpandEntityReferences(false) on the DocumentBuilderFactory. This change will prevent the parser from resolving external entities, thus mitigating the risk of XXE attacks.
Suggested fixes powered by Copilot Autofix. Review carefully before merging.
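The setting described above, applied to a DocumentBuilderFactory and exercised against a constructed XXE payload. This is an added example and not code from the ibatis-2 pull request; the class name, the sample `sqlMapConfig` payload and the file path it points at are assumptions made for the demonstration. It also shows the caveat a reviewer would raise on this change: `setExpandEntityReferences(false)` controls how entity references appear in the resulting DOM, and on its own is generally not considered sufficient to stop external entity resolution, so the hardened factory additionally disallows DOCTYPE declarations and disables external entity and DTD loading.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

public class XxeHardeningExample {

    // Constructed sample payload (not from the project): a DOCTYPE declaring an
    // external general entity whose SYSTEM identifier points at a local file.
    static final String PAYLOAD =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE sqlMapConfig [ <!ENTITY xxe SYSTEM \"file:///etc/hostname\"> ]>\n"
      + "<sqlMapConfig><value>&xxe;</value></sqlMapConfig>";

    // The factory as the pull request leaves it: only entity-reference expansion is off.
    static DocumentBuilderFactory asInPullRequest() {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setExpandEntityReferences(false);
        return f;
    }

    // Hardened factory: refuse DOCTYPE outright (this alone defeats the payload),
    // and additionally disable external entities and DTD loading as defence in depth
    // for parsers that do not honour the first feature.
    static DocumentBuilderFactory hardened() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    // Parse the payload with the given factory and return the document's text content.
    static String parseWith(DocumentBuilderFactory f) throws Exception {
        DocumentBuilder builder = f.newDocumentBuilder();
        Document doc = builder.parse(
            new ByteArrayInputStream(PAYLOAD.getBytes(StandardCharsets.UTF_8)));
        return doc.getDocumentElement().getTextContent();
    }

    static void run(String label, DocumentBuilderFactory f) {
        try {
            String text = parseWith(f);
            System.out.println(label + ": parsed without error; text content = \"" + text + "\"");
        } catch (SAXParseException e) {
            // The hardened factory lands here: the DOCTYPE itself is rejected
            // before any entity can be declared or resolved.
            System.out.println(label + ": rejected by parser: " + e.getMessage());
        } catch (Exception e) {
            System.out.println(label + ": failed: " + e);
        }
    }

    public static void main(String[] args) throws Exception {
        run("setExpandEntityReferences(false) only", asInPullRequest());
        run("DOCTYPE disallowed + external entities off", hardened());
    }
}
```

Compile and run with `javac XxeHardeningExample.java && java XxeHardeningExample`. The second factory rejects the payload at the DOCTYPE, so no entity is ever declared; the first factory's behaviour depends on the JAXP implementation in use, which is exactly why a reviewer would ask for the DOCTYPE and external-entity features to be set alongside this change rather than relying on `setExpandEntityReferences(false)` alone.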
Coverage remained the same at 65.153% when pulling 29b29f94dd125e36f7f09e765d3503519a83a1d0 on autofix/alert-4-2f1a331131 into 1378858285c2db8b2b26dc90014f661cf722323d on master.
Fixes https://github.com/mybatis/ibatis-2/security/code-scanning/4