*** CID 1594365: Sigma (SIGMA.xml_external_entity_enabled)
/src/main/java/com/teragrep/pth_06/planner/walker/XmlWalker.java: 88 in com.teragrep.pth_06.planner.walker.XmlWalker::fromString(XmlWalker, String)T()
82 public XmlWalker() {
83
84 }
85
86 public <T> T fromString(String inXml) throws Exception {
87 Object rv;
>>> CID 1594365: Sigma (SIGMA.xml_external_entity_enabled)
>>> Java API for XML processing's `DocumentBuilderFactory` or `SAXParserFactory` class has not been configured to prevent expansion of external entities during XML parsing. External entity expansion may cause a server-side request forgery, denial of service, exposure of sensitive data or unwanted server requests.
88 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
89 DocumentBuilder loader = factory.newDocumentBuilder();
90 Document document = loader.parse(new InputSource(new StringReader(inXml)));
91
92 DocumentTraversal traversal = (DocumentTraversal) document;
93 LOGGER.info("XmlWalker.fromString incoming:" + inXml);
Describe the bug
Software version
3.0.1