• Home
• io.codemodder
• core-codemods
• 0.93.1
• source code
• report.json

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

io.codemodder.codemods.HardenXMLReaderCodemod.report.json Maven / Gradle / Ivy

{
  "summary" : "Introduced protections against XXE attacks in XMLReader",
  "change" : "Hardened the XMLReader to prevent external entities from being resolved, which can prevent data exfiltration and arbitrary code execution",
  "reviewGuidanceIJustification" : "We believe this change is safe and effective. The behavior of hardened `XMLReader` instances will only be different if the XML they process uses external entities, which is exceptionally rare (and, as demonstrated, quite unsafe anyway.)",
  "references" : ["https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html", "https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing", "https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XXE%20Injection/README.md"]
}