Class XMLInputFactorySecurity


  • public final class XMLInputFactorySecurity
    extends java.lang.Object
    This type exposes helper methods that help defend against XML External Entity (XXE) attacks when parsing with XMLInputFactory.

    For more on XXE:

    XXE OWASP CheatSheet

    • Method Summary

      Modifier and Type | Method | Description
      static javax.xml.stream.XMLInputFactory | hardenFactory(javax.xml.stream.XMLInputFactory factory) | Harden the XMLInputFactory against external entity attacks.
      static javax.xml.stream.XMLInputFactory | hardenFactory(javax.xml.stream.XMLInputFactory factory, java.util.Set<XMLRestrictions> restrictions) | Harden the XMLInputFactory against XML-based attacks with the given restrictions.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Method Detail

      • hardenFactory

        public static javax.xml.stream.XMLInputFactory hardenFactory(javax.xml.stream.XMLInputFactory factory)
        Harden the XMLInputFactory against external entity attacks.
      • hardenFactory

        public static javax.xml.stream.XMLInputFactory hardenFactory(javax.xml.stream.XMLInputFactory factory,
                                                                     java.util.Set<XMLRestrictions> restrictions)
        Harden the XMLInputFactory against XML-based attacks with the given restrictions.
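
A regression check for the kind of hardening the single-argument hardenFactory describes, as an added example that is not this library's code. The local `harden` helper is hypothetical and assumes the two standard JDK StAX properties (`SUPPORT_DTD`, `IS_SUPPORTING_EXTERNAL_ENTITIES`) are what needs to be turned off; the class name, marker file and sample document are constructed for the example.

```java
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Path;

public class StaxXxeCheck {

    // Hypothetical stand-in for hardenFactory(factory): disables DTD processing
    // and external entity resolution using standard JDK StAX properties.
    static XMLInputFactory harden(XMLInputFactory factory) {
        factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        return factory;
    }

    // Returns the character data the parser produced, or the rejection message.
    static String parse(XMLInputFactory factory, String xml) {
        StringBuilder text = new StringBuilder();
        try {
            XMLStreamReader reader = factory.createXMLStreamReader(new StringReader(xml));
            while (reader.hasNext()) {
                if (reader.next() == XMLStreamReader.CHARACTERS) {
                    text.append(reader.getText());
                }
            }
            return text.toString();
        } catch (XMLStreamException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a temp file created here stands in for local data
        // that an external entity must never be able to pull into the document.
        Path marker = Files.createTempFile("xxe-marker", ".txt");
        Files.writeString(marker, "MARKER-CONTENT");
        String xml = "<?xml version=\"1.0\"?>"
                + "<!DOCTYPE doc [<!ENTITY ext SYSTEM \"" + marker.toUri() + "\">]>"
                + "<doc>&ext;</doc>";

        String result = parse(harden(XMLInputFactory.newFactory()), xml);
        Files.delete(marker);
        System.out.println(result.contains("MARKER-CONTENT")
                ? "FAIL: external entity was expanded"
                : "OK: external entity not expanded (" + result + ")");
    }
}
```

To exercise the library itself, replace the call to `harden(...)` with `XMLInputFactorySecurity.hardenFactory(...)` and keep the same assertion on the marker string.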