sonar:禁用xml外部实体(xxe)处理

xdyibdwo  于 2021-07-09  发布在  Java
关注(0)|答案(0)|浏览(289)

我使用javax.xml.validation.validator验证我的xml,如下所示

private final Validator validator;
        ...

        SchemaFactory factory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema");
        factory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        factory.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        Schema schema = factory.newSchema(new File(getResource(path)));
        validator = schema.newValidator();
        validator.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        validator.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");

你知道为什么声纳说这个代码不符合吗?

暂无答案!

目前还没有任何答案,快来回答吧!

相关问题