Package io.github.pixee.security

Class XMLInputFactorySecurity

java.lang.Object

io.github.pixee.security.XMLInputFactorySecurity

public final class XMLInputFactorySecurity
extends Object

This type exposes helper methods that will help defend against XXE attacks in XMLInputFactory.

For more on XXE:

XXE OWASP CheatSheet

Method Summary

Modifier and Type	Method	Description
static XMLInputFactory	hardenFactory(XMLInputFactory factory)	Harden the XMLInputFactory against external entity attacks
static XMLInputFactory	hardenFactory(XMLInputFactory factory, Set<XMLRestrictions> restrictions)	Harden the XMLInputFactory against XML-based attacks with the given restrictions.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

hardenFactory

public static XMLInputFactory hardenFactory(XMLInputFactory factory)

Harden the XMLInputFactory against external entity attacks

hardenFactory

public static XMLInputFactory hardenFactory(XMLInputFactory factory,
                                            Set<XMLRestrictions> restrictions)

Harden the XMLInputFactory against XML-based attacks with the given restrictions.