文章摘要:xxe漏洞是如何修复的 XXE漏洞的两种修复方法
使用java对xxe漏洞进行修复的方法 xxe漏洞代码: DocumentBuilderFactory dbf […]
使用java对xxe漏洞进行修复的方法
xxe漏洞代码:
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
String FEATURE = null;
// dbf.setExpandEntityReferences无法防止xxe
dbf.setExpandEntityReferences(false);
DocumentBuilder documentBuilder = dbf.newDocumentBuilder();
Document document = documentBuilder.parse(new File("poc.xml"));
xxe漏洞修复代码:
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
String FEATURE = null;
FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";
dbf.setFeature(FEATURE, true);
FEATURE = "http://xml.org/sax/features/external-general-entities";
dbf.setFeature(FEATURE, false);
FEATURE = "http://xml.org/sax/features/external-parameter-entities";
dbf.setFeature(FEATURE, false);
FEATURE = "http://apache.org/xml/features/nonvalidating/load-external-dtd";
dbf.setFeature(FEATURE, false);
dbf.setXIncludeAware(false);
// dbf.setExpandEntityReferences无法防止xxe
dbf.setExpandEntityReferences(false);
DocumentBuilder documentBuilder = dbf.newDocumentBuilder();
声明:
若非注明,本站文章源于互联网收集整理和网友分享发布,如有侵权,请联系站长处理。
文章名称:xxe漏洞是如何修复的 XXE漏洞的两种修复方法
文章链接:http://www.7966.org/post/15203.html
转载请注明出处
