Menu
▾
▴
[xmlunit/xmlunit] 933ed9: try to disable all DocumentBuilderFactory features...
|
From: GitHub <no...@gi...> - 2018-04-13 21:14:18
|
Branch: refs/heads/add-some-xxe-protection Home: https://github.com/xmlunit/xmlunit Commit: 933ed9eed8f1132c6280f6b58de212675eb0efef https://github.com/xmlunit/xmlunit/commit/933ed9eed8f1132c6280f6b58de212675eb0efef Author: Stefan Bodewig <ste...@fr...> Date: 2018-04-13 (Fri, 13 Apr 2018) Changed paths: M xmlunit-core/src/main/java/org/xmlunit/ConfigurationException.java M xmlunit-core/src/main/java/org/xmlunit/util/Convert.java A xmlunit-core/src/main/java/org/xmlunit/util/DocumentBuilderFactoryConfigurer.java M xmlunit-legacy/src/main/java/org/custommonkey/xmlunit/XMLUnit.java Log Message: ----------- try to disable all DocumentBuilderFactory features recommended by OWASP see https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#JAXP_DocumentBuilderFactory.2C_SAXParserFactory_and_DOM4J see #91 |
