  1. Xerces-C++
  2. XERCESC-2178

Missing XML Validation (Veracode)


Details

    Description

      Veracode flaw:

      By explicitly disabling XML validation, the application is making an assumption that the data provided will conform to the expected format. This can be dangerous if the parser does not properly handle malformed data.

      Recommendations:
      Validate all XML data against a DTD schema to prevent an attacker from providing malicious or otherwise unexpected input.

      Attachments

        1. AbstractDOMParser2.PNG
          22 kB
          cw_dev
        2. AbstractDOMParser.PNG
          37 kB
          cw_dev

          People

            Unassigned Unassigned
            cw_dev cw_dev