• Home
• io.joern
• semanticcpg_3
• 4.0.65
• source code
• SecureXmlParsing.scala

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

io.shiftleft.semanticcpg.utils.SecureXmlParsing.scala Maven / Gradle / Ivy

package io.joern.semanticcpg.utils

import javax.xml.parsers.SAXParserFactory
import scala.util.Try
import scala.xml.{Elem, XML}

object SecureXmlParsing {
  def parseXml(content: String): Option[Elem] = {
    Try {
      val spf = SAXParserFactory.newInstance()

      spf.setValidating(false)
      spf.setNamespaceAware(false)
      spf.setXIncludeAware(false)
      spf.setFeature("http://xml.org/sax/features/validation", false)
      spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", false)
      spf.setFeature("http://apache.org/xml/features/nonvalidating/load-dtd-grammar", false)
      spf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false)
      spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false)
      spf.setFeature("http://xml.org/sax/features/external-general-entities", false)

      XML.withSAXParser(spf.newSAXParser()).loadString(content)
    }.toOption
  }
}