Package org.kuali.coeus.s2sgen.impl.util
Class SafeXmlUtils
java.lang.Object
org.kuali.coeus.s2sgen.impl.util.SafeXmlUtils
Utility class to help avoid security vulnerabilities with various XML libraries.
-
Field Summary
Fields -
Method Summary
Modifier and TypeMethodDescriptionstatic DocumentBuilderFactoryCreates aDocumentBuilderFactorythat configures certain features to avoid XXE attacks as documented: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.htmlstatic SAXParserFactorystatic SchemaFactorystatic TransformerFactoryCreates aTransformerFactorythat configures certain attributes to avoid XXE attacks as documented: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.htmlstatic ValidatorsafeValidator(Schema schema)
-
Field Details
-
DISALLOW_DOCTYPE_DECL
- See Also:
-
EXTERNAL_GENERAL_ENTITIES
- See Also:
-
EXTERNAL_PARAMETER_ENTITIES
- See Also:
-
LOAD_EXTERNAL_DTD
- See Also:
-
-
Method Details
-
safeDocumentBuilderFactory
Creates aDocumentBuilderFactorythat configures certain features to avoid XXE attacks as documented: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html -
safeTransformerFactory
Creates aTransformerFactorythat configures certain attributes to avoid XXE attacks as documented: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html -
safeSAXParserFactory
public static SAXParserFactory safeSAXParserFactory() throws SAXNotSupportedException, SAXNotRecognizedException, ParserConfigurationException -
safeValidator
public static Validator safeValidator(Schema schema) throws SAXNotRecognizedException, SAXNotSupportedException -
safeSchemaFactory
public static SchemaFactory safeSchemaFactory() throws SAXNotRecognizedException, SAXNotSupportedException
-