mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
24 lines
1.1 KiB
Java
24 lines
1.1 KiB
Java
|
// Safe: tainted XML routed through a hardened DocumentBuilder. The
|
||
|
|
// factory is configured with `FEATURE_SECURE_PROCESSING = true` before
|
||
|
|
// the builder is produced, and the produced builder inherits that
|
||
|
|
// hardening fact via the SSA xml-parser-config pass. The downstream
|
||
|
|
// `builder.parse(...)` sink call therefore sees a secure receiver and
|
||
|
|
// the XXE bit is suppressed.
|
||
|
|
import javax.servlet.http.HttpServletRequest;
|
||
|
|
import javax.xml.XMLConstants;
|
||
|
|
import javax.xml.parsers.DocumentBuilder;
|
||
|
|
import javax.xml.parsers.DocumentBuilderFactory;
|
||
|
|
import org.w3c.dom.Document;
|
||
|
|
import java.io.ByteArrayInputStream;
|
||
|
|
|
||
|
|
public class SafeXxeConfig {
|
||
|
|
public Document handle(HttpServletRequest req) throws Exception {
|
||
|
|
String body = req.getParameter("xml");
|
||
|
|
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||
|
|
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
|
||
|
|
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||
|
|
DocumentBuilder builder = factory.newDocumentBuilder();
|
||
|
|
return builder.parse(new ByteArrayInputStream(body.getBytes()));
|
||
|
|
}
|
||
|
|
}
|