libeufin

Integration and sandbox testing for FinTech APIs and data formats

commit fd77974c95f07882bf566840b3cb345a08d33923
parent 77012addddc5ade4765a3a68f25be12c44667bef
Author: Antoine A <>
Date:   Mon,  7 Oct 2024 17:03:10 +0200

nexus: enable XML parser security settings

Diffstat:
Mnexus/src/main/kotlin/tech/libeufin/nexus/XMLUtil.kt | 6++++++
1 file changed, 6 insertions(+), 0 deletions(-)

diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/XMLUtil.kt b/nexus/src/main/kotlin/tech/libeufin/nexus/XMLUtil.kt
@@ -27,6 +27,7 @@ import java.io.ByteArrayOutputStream
 import java.io.InputStream
 import java.security.PrivateKey
 import java.security.PublicKey
+import javax.xml.XMLConstants
 import javax.xml.crypto.*
 import javax.xml.crypto.dom.DOMURIReference
 import javax.xml.crypto.dsig.*
@@ -86,6 +87,11 @@ object XMLUtil {
 /** Parse [xml] into a XML DOM */
 fun parseIntoDom(xml: InputStream): Document {
 val factory = DocumentBuilderFactory.newInstance().apply {
+ // Enable secure processing
+ setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true)
+ // Disable all external access
+ setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "")
+ setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "")
 isNamespaceAware = true
 }
 val builder = factory.newDocumentBuilder()
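Review bot: The factory built in `parseIntoDom` still accepts a DOCTYPE declaration. The added settings block external DTD and schema fetches and apply the secure-processing limits, but an inline DTD with internal entities is still parsed, and expansion is bounded only by those limits. If the documents parsed here never legitimately carry a DOCTYPE (worth confirming against the callers), rejecting it outright is the tighter default: add `setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)` and `isExpandEntityReferences = false` inside the same `apply` block. `DocumentBuilderFactory.newInstance()` picks its implementation from the classpath, and `setAttribute` throws `IllegalArgumentException` on a parser that does not know the JAXP 1.5 access properties. That is a reasonable fail-closed behaviour, but it deserves a comment such as `// throws if the parser cannot enforce this; do not catch`. The body of `parseIntoDom` continues past the end of the hunk, and any other parser, schema or transformer factories in this file are not visible here and may need the same treatment.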