

#903 disable DOCTYPE to fix XXE Vulnerability
binarywang committed Jan 10, 2019
1 parent d6923f2 commit 8ec61d1
Showing 4 changed files with 8 additions and 1 deletion.
Expand Up @@ -39,6 +39,7 @@ protected DocumentBuilder initialValue() {
try {
final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setExpandEntityReferences(false);
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
return factory.newDocumentBuilder();
} catch (ParserConfigurationException exc) {
throw new IllegalArgumentException(exc);
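Review bot: The factory hardening on the new setFeature line is repeated verbatim in both test methods of the second file and in getXmlDoc in the third; copy-pasted parser hardening tends to drift, so it belongs in one shared helper that all four sites call. Setting disallow-doctype-decl is the strongest single XXE control, and because setFeature throws ParserConfigurationException for a parser that does not know the feature, the existing catch makes builder creation fail closed instead of silently falling back to an unhardened parser — the right behaviour, though IllegalStateException would describe that condition better than IllegalArgumentException. A why-comment would keep the rationale next to the line: `// XXE (#903): reject any DOCTYPE so no internal or external entity can be declared`. As defence in depth, `factory.setXIncludeAware(false);` alongside it costs nothing. initialValue's signature is in the hunk header and its closing brace is below the hunk.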
Expand Up @@ -40,6 +40,7 @@ public void testNormal() throws ParserConfigurationException, SAXException, IOEx

DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
documentBuilderFactory.setExpandEntityReferences(false);
documentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
Document document = documentBuilder.parse(new InputSource(new StringReader(encryptedXml)));

Expand Down Expand Up @@ -83,6 +84,8 @@ public void testValidateSignatureError() throws ParserConfigurationException, SA
String afterEncrpt = pc.encrypt(this.replyMsg);
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setExpandEntityReferences(false);
dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);

DocumentBuilder db = dbf.newDocumentBuilder();
StringReader sr = new StringReader(afterEncrpt);
InputSource is = new InputSource(sr);
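Review bot: testNormal and testValidateSignatureError build their own DocumentBuilderFactory to parse encryptedXml and afterEncrpt, so the added setFeature lines only harden the test's parser and exercise nothing in production code for the class under test. A negative test that feeds a DOCTYPE-bearing document through the production parsing entry point, as the fourth file does for WxPayOrderQueryResult, would actually pin the fix here. If the intent is merely to keep the test parser configured like production, routing both through a shared helper would make that explicit. Both methods start and end outside the hunks.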
Expand Up @@ -189,6 +189,7 @@ private Document getXmlDoc() {
try {
final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setExpandEntityReferences(false);
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
this.xmlDoc = factory.newDocumentBuilder()
.parse(new ByteArrayInputStream(this.xmlString.getBytes(StandardCharsets.UTF_8)));
return xmlDoc;
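Review bot: getXmlDoc parses this.xmlString, which judging from the fourth file's WxPayOrderQueryResult test is XML received from a remote party, so after this change a DOCTYPE surfaces from parse as a SAXParseException instead of being expanded; the catch that handles it lies below the hunk and should be checked to confirm it rethrows as the RuntimeException the new test expects rather than swallowing it and leaving xmlDoc null. A why-comment on the new line would preserve the rationale: `// XXE (#903): reject any DOCTYPE before parsing the remote response`. `return xmlDoc;` next to `this.xmlDoc = ...` is a small inconsistency — `return this.xmlDoc;` matches the assignment. The method's signature is in the hunk header and its body continues outside the hunk.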
Expand Up @@ -75,7 +75,9 @@ public void testToMap() throws Exception {
@Test(expectedExceptions = {RuntimeException.class})
public void testToMap_with_empty_xmlString() {
WxPayOrderQueryResult result = new WxPayOrderQueryResult();
result.setXmlString(" ");
result.setXmlString( "<?xml version=\"1.0\" ?><!DOCTYPE doc " +
"[<!ENTITY win SYSTEM \"file:///C:/Users/user/Documents/testdata2.txt\">]" +
"><doc>&win;</doc>");
Map<String, String> map = result.toMap();
System.out.println(map);
}
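Review bot: testToMap_with_empty_xmlString no longer tests an empty xmlString — the blank-string `result.setXmlString(" ");` appears to be the removed line, replaced by a DOCTYPE/external-entity payload, so coverage for blank input is lost and the method name now misleads. Keep the blank-string case as its own method and name the new one for what it pins, e.g. `public void testToMap_with_doctype_is_rejected() {`. Expecting a bare RuntimeException is also too coarse: any unrelated runtime failure (a NullPointerException, say) makes it pass without proving the DOCTYPE was refused — TestNG's `expectedExceptionsMessageRegExp`, or an explicit try/catch asserting on the cause, would pin that, though the exact message depends on how getXmlDoc wraps the SAXException, which is outside this view. The `System.out.println(map);` after the call is unreachable once the exception is expected and can go.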
