Package org.miaixz.bus.core.xml
Class XXE
java.lang.Object
org.miaixz.bus.core.xml.XXE
XXE漏洞修复相关工具类
参考:https://blog.spoock.com/2018/10/23/java-xxe/
- Since:
- Java 17+
- Author:
- Kimi Liu
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionstatic DocumentBuilderFactorydisableXXE(DocumentBuilderFactory factory) 关闭XXE,避免漏洞攻击 see: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#JAXP_DocumentBuilderFactory.2C_SAXParserFactory_and_DOM4Jstatic SAXParserFactorydisableXXE(SAXParserFactory factory) 关闭XEE避免漏洞攻击static SAXTransformerFactorydisableXXE(SAXTransformerFactory factory) 关闭XEE避免漏洞攻击static TransformerFactorydisableXXE(TransformerFactory factory) 关闭XEE避免漏洞攻击static SchemaFactorydisableXXE(SchemaFactory factory) 关闭XEE避免漏洞攻击static ValidatordisableXXE(Validator validator) 关闭XEE避免漏洞攻击static XMLReaderdisableXXE(XMLReader reader) 关闭XEE避免漏洞攻击
-
Constructor Details
-
XXE
public XXE()
-
-
Method Details
-
disableXXE
关闭XXE,避免漏洞攻击 see: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#JAXP_DocumentBuilderFactory.2C_SAXParserFactory_and_DOM4J- Parameters:
factory- DocumentBuilderFactory- Returns:
- DocumentBuilderFactory
-
disableXXE
关闭XEE避免漏洞攻击- Parameters:
factory-SAXParserFactory- Returns:
SAXParserFactory
-
disableXXE
关闭XEE避免漏洞攻击 -
disableXXE
关闭XEE避免漏洞攻击- Parameters:
factory-TransformerFactory- Returns:
TransformerFactory
-
disableXXE
关闭XEE避免漏洞攻击 -
disableXXE
关闭XEE避免漏洞攻击- Parameters:
factory-SAXTransformerFactory- Returns:
SAXTransformerFactory
-
disableXXE
关闭XEE避免漏洞攻击- Parameters:
factory-SchemaFactory- Returns:
SchemaFactory
-