io.codemodder.codemods.harden-xmlreader.yaml (from the core-codemods artifact)
Codemods for fixing common errors across many Java projects
rules:
  - id: harden-xmlreader
    patterns:
      # Match any parse() call on a SAX XMLReader ...
      - pattern: $XMLR.parse(...);
      # ... that was obtained from XMLReaderFactory.createXMLReader() in the same method ...
      - pattern-inside: |
          $RT $METHOD ($ARGS) {
            ...
            $XMLR = XMLReaderFactory.createXMLReader(...);
            ...
          }
      # ... unless that method already rejects DOCTYPE declarations outright ...
      - pattern-not-inside: |
          $RT $METHOD ($ARGS) {
            ...
            $XMLR.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            ...
          }
      # ... or disables both external general and external parameter entities
      # (the two clauses below accept the two setFeature calls in either order).
      - pattern-not-inside: |
          $RT $METHOD ($ARGS) {
            ...
            $XMLR.setFeature("http://xml.org/sax/features/external-general-entities", false);
            ...
            $XMLR.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
            ...
          }
      - pattern-not-inside: |
          $RT $METHOD ($ARGS) {
            ...
            $XMLR.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
            ...
            $XMLR.setFeature("http://xml.org/sax/features/external-general-entities", false);
            ...
          }
      # Report the finding on the reader variable rather than the whole statement.
      - focus-metavariable: $XMLR
    message: "Semgrep found a match"
    languages:
      - java
    severity: WARNING
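To make the rule concrete, here is an added Java example (written for this page, not code from the core-codemods artifact or the codemodder project) with three methods: one that the patterns above match, and two that the `pattern-not-inside` clauses exclude because they set the same feature URIs the rule looks for. The class name, method names and the sample XML strings are constructed for illustration. The `disallow-doctype-decl` feature URI is Xerces-specific, which is why the SAX parser shipped with the JDK honours it; the two `external-*-entities` URIs are standard SAX features.

```java
// Added example, not part of the core-codemods artifact. Shows what the
// harden-xmlreader rule flags (parseUnhardened) and what it leaves alone
// (parseNoDoctype, parseNoExternalEntities). Names and inputs are constructed.
import java.io.IOException;
import java.io.StringReader;

import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;
import org.xml.sax.helpers.XMLReaderFactory;

public class XmlReaderHardeningExample {

    // Flagged by the rule: parse() is called on a reader created by
    // XMLReaderFactory.createXMLReader() in this method, and none of the
    // setFeature calls named in the pattern-not-inside clauses are present.
    static void parseUnhardened(String xml) throws SAXException, IOException {
        XMLReader reader = XMLReaderFactory.createXMLReader();
        reader.setContentHandler(new DefaultHandler());
        reader.parse(new InputSource(new StringReader(xml)));
    }

    // Not flagged: matches the first pattern-not-inside clause. Rejecting every
    // DOCTYPE declaration removes entity declarations (internal and external).
    static void parseNoDoctype(String xml) throws SAXException, IOException {
        XMLReader reader = XMLReaderFactory.createXMLReader();
        reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        reader.setContentHandler(new DefaultHandler());
        reader.parse(new InputSource(new StringReader(xml)));
    }

    // Not flagged: matches the second pattern-not-inside clause (the third clause
    // covers the same two calls in the opposite order). Internal entities still
    // expand; only external general and parameter entities are left unresolved.
    static void parseNoExternalEntities(String xml) throws SAXException, IOException {
        XMLReader reader = XMLReaderFactory.createXMLReader();
        reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
        reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        reader.setContentHandler(new DefaultHandler());
        reader.parse(new InputSource(new StringReader(xml)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: one document with an internal DOCTYPE and
        // one without, so the behavioural difference between the two hardened
        // configurations is visible when run.
        String withDoctype =
            "<!DOCTYPE note [<!ENTITY greeting \"hello\">]><note>&greeting;</note>";
        String plain = "<note>hello</note>";

        parseUnhardened(plain);
        parseNoExternalEntities(withDoctype); // internal entity only: still parses

        try {
            parseNoDoctype(withDoctype);      // any DOCTYPE is a fatal error here
        } catch (SAXException e) {
            System.out.println("DOCTYPE rejected: " + e.getMessage());
        }
        parseNoDoctype(plain);
        System.out.println("done");
    }
}
```

Compile and run with `javac XmlReaderHardeningExample.java && java XmlReaderHardeningExample` on a standard JDK (no extra dependencies; `XMLReaderFactory` is deprecated since Java 9 but still present, which is exactly the API the rule targets). Running Semgrep with the rule above against this file should report only the `reader` variable in `parseUnhardened`.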