teragrep / pth_06

Teragrep Datasource for Apache Spark
GNU Affero General Public License v3.0

Sigma (SIGMA.xml_external_entity_enabled) in XmlWalker.java: 88 #47

Open StrongestNumber9 opened 2 months ago

StrongestNumber9 commented 2 months ago

Describe the bug

*** CID 1594365:  Sigma  (SIGMA.xml_external_entity_enabled)
/src/main/java/com/teragrep/pth_06/planner/walker/XmlWalker.java: 88 in com.teragrep.pth_06.planner.walker.XmlWalker::fromString(XmlWalker, String)T()
82         public XmlWalker() {
83     
84         }
85     
86         public <T> T fromString(String inXml) throws Exception {
87             Object rv;
>>>     CID 1594365:  Sigma  (SIGMA.xml_external_entity_enabled)
>>>     Java API for XML processing's `DocumentBuilderFactory` or `SAXParserFactory` class has not been configured to prevent expansion of external entities during XML parsing. External entity expansion may cause a server-side request forgery, denial of service, exposure of sensitive data or unwanted server requests.
88             DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
89             DocumentBuilder loader = factory.newDocumentBuilder();
90             Document document = loader.parse(new InputSource(new StringReader(inXml)));
91     
92             DocumentTraversal traversal = (DocumentTraversal) document;
93             LOGGER.info("XmlWalker.fromString incoming:" + inXml);

Software version

3.0.1
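The usual fix for this class of Coverity finding is to configure the `DocumentBuilderFactory` before calling `newDocumentBuilder()`, so a DOCTYPE in the incoming string is rejected before any entity could be expanded. The following is an added example of that configuration, not code from pth_06; the query documents it parses are constructed samples.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

public final class HardenedXmlParse {

    // A DocumentBuilderFactory with DTD processing and external entity
    // resolution switched off. Every feature URI below is a standard
    // Xerces/JAXP feature supported by the JDK's built-in parser.
    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // Reject any DOCTYPE declaration outright; this alone blocks XXE.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth should a DTD ever be permitted: no external entities or DTDs.
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        return factory;
    }

    // Same shape as the flagged fromString(): parse an XML string into a Document.
    static Document parse(String inXml) throws Exception {
        DocumentBuilder loader = hardenedFactory().newDocumentBuilder();
        return loader.parse(new InputSource(new StringReader(inXml)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an ordinary query document parses as before.
        Document ok = parse("<AND><index value=\"example\" operation=\"EQUALS\"/></AND>");
        System.out.println("root element: " + ok.getDocumentElement().getNodeName());

        // Constructed sample: a document carrying a DOCTYPE with an external entity.
        String withDoctype = "<!DOCTYPE q [<!ENTITY ext SYSTEM \"http://example.invalid/x\">]><q>&ext;</q>";
        try {
            parse(withDoctype);
            System.out.println("unexpected: DOCTYPE was accepted");
        } catch (SAXParseException e) {
            // The hardened parser refuses the document at the DOCTYPE, so no request is made.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Applying `hardenedFactory()` in place of the bare `DocumentBuilderFactory.newInstance()` at the flagged line is what clears SIGMA.xml_external_entity_enabled; the `LOGGER.info` of the raw input on line 93 is unrelated to the finding but is worth reviewing separately, since it writes untrusted content verbatim to the log.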