Menu
▾
▴
[xmlunit/xmlunit] 933ed9: try to disable all DocumentBuilderFactory features...
|
From: GitHub <no...@gi...> - 2018-04-14 13:46:39
|
Branch: refs/heads/master Home: https://github.com/xmlunit/xmlunit Commit: 933ed9eed8f1132c6280f6b58de212675eb0efef https://github.com/xmlunit/xmlunit/commit/933ed9eed8f1132c6280f6b58de212675eb0efef Author: Stefan Bodewig <ste...@fr...> Date: 2018-04-13 (Fri, 13 Apr 2018) Changed paths: M xmlunit-core/src/main/java/org/xmlunit/ConfigurationException.java M xmlunit-core/src/main/java/org/xmlunit/util/Convert.java A xmlunit-core/src/main/java/org/xmlunit/util/DocumentBuilderFactoryConfigurer.java M xmlunit-legacy/src/main/java/org/custommonkey/xmlunit/XMLUnit.java Log Message: ----------- try to disable all DocumentBuilderFactory features recommended by OWASP see https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#JAXP_DocumentBuilderFactory.2C_SAXParserFactory_and_DOM4J see #91 Commit: e2cd5899bdf9ebcb28d3855b7a107d9e1247aa9e https://github.com/xmlunit/xmlunit/commit/e2cd5899bdf9ebcb28d3855b7a107d9e1247aa9e Author: Stefan Bodewig <ste...@fr...> Date: 2018-04-13 (Fri, 13 Apr 2018) Changed paths: M xmlunit-core/src/main/java/org/xmlunit/diff/DOMDifferenceEngine.java Log Message: ----------- missed a newInstance call of DocumentFactoryBuilder Commit: d00ca58c41c263c85ea66fad39a5230b666253b6 https://github.com/xmlunit/xmlunit/commit/d00ca58c41c263c85ea66fad39a5230b666253b6 Author: Stefan Bodewig <ste...@fr...> Date: 2018-04-13 (Fri, 13 Apr 2018) Changed paths: M xmlunit-core/src/main/java/org/xmlunit/validation/ParsingValidator.java Log Message: ----------- make two.-arg validateInstance method accessible to public Commit: 18104d8774913473780af8db93f226519a5e14fa https://github.com/xmlunit/xmlunit/commit/18104d8774913473780af8db93f226519a5e14fa Author: Stefan Bodewig <ste...@fr...> Date: 2018-04-14 (Sat, 14 Apr 2018) Changed paths: M xmlunit-legacy/src/main/java/org/custommonkey/xmlunit/XMLUnit.java Log Message: ----------- disable XXE protection in legacy code base by default Commit: 635b594e3f3dba8d3cadb2204d07bd250647234f https://github.com/xmlunit/xmlunit/commit/635b594e3f3dba8d3cadb2204d07bd250647234f Author: Stefan Bodewig <ste...@fr...> Date: 2018-04-14 (Sat, 14 Apr 2018) Changed paths: M xmlunit-core/src/main/java/org/xmlunit/diff/DefaultComparisonFormatter.java M xmlunit-core/src/main/java/org/xmlunit/transform/Transformation.java M xmlunit-core/src/main/java/org/xmlunit/util/Convert.java A xmlunit-core/src/main/java/org/xmlunit/util/TransformerFactoryConfigurer.java M xmlunit-legacy/src/main/java/org/custommonkey/xmlunit/XMLUnit.java Log Message: ----------- enable XXE protection for TransformerFactories Compare: https://github.com/xmlunit/xmlunit/compare/a5e1721f6f08...635b594e3f3d |
