android-classyshark

xxe

Open QiAnXinCodeSafe opened this issue 6 years ago • 2 comments

The XML external entity is not disabled when parsing the XML string. When analyzing a malicious APK or app, it may cause XML external entity injection.

QiAnXinCodeSafe, Jul 18 '19 02:07

Any suggestions how to fix?

borisf, Jul 18 '19 04:07

```java
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
```

QiAnXinCodeSafe, Jul 23 '19 01:07