Sonar问题，用于使用XSD文件验证XML的访问权限

发布于 2025-02-08 16:03:53 字数 1114 浏览 1 评论 0原文

我正在使用XSD验证XML文件，并且我正在为Schemafactory对象创建声纳问题 XML解析器不应容易受到XXE攻击的攻击，因此我设置了以下属性

schemaFactory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
schemaFactory.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");

，但是当我运行代码时，我将获得http：//javax.xml.xml.xml.xml.constants/property/ AccessExternalDTD未被识别。 错误，请帮助我找出问题。

SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);

    schemaFactory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
    schemaFactory.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
    try {
        Schema schema = schemaFactory.newSchema(new File(getResource(schemaFile)));

        Validator validator = schema.newValidator();
        validator.validate(new StreamSource(new File(getResource(xmlFile))));
        return true;
    } catch (SAXException | IOException e) {
        xsdInvalidData.add(xmlFile + "=" + e.getMessage());
        logger.error(xmlFile + "invalid xsd and enter in catch " + e.getMessage());
        return false;
    }

原文

I am validating xml file with XSD and I am getting sonar issue for SchemaFactory object creation
XML parsers should not be vulnerable to XXE attacks so I have set the below properties

schemaFactory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
schemaFactory.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");

but when I run the code, then I am getting the http://javax.xml.XMLConstants/property/accessExternalDTD is not recognized.
error, Please help me to figure out the issue.

SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);

    schemaFactory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
    schemaFactory.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
    try {
        Schema schema = schemaFactory.newSchema(new File(getResource(schemaFile)));

        Validator validator = schema.newValidator();
        validator.validate(new StreamSource(new File(getResource(xmlFile))));
        return true;
    } catch (SAXException | IOException e) {
        xsdInvalidData.add(xmlFile + "=" + e.getMessage());
        logger.error(xmlFile + "invalid xsd and enter in catch " + e.getMessage());
        return false;
    }

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

゛时过境迁 2025-02-15 16:03:53

默认javax.xml.validation.schemafactory不支持任何东西。您可能需要找到不同的实现。

public void setProperty(String name, Object object)
    throws SAXNotRecognizedException, SAXNotSupportedException {

    if (name == null) {
            throw new NullPointerException("the name parameter is null");
    }
    throw new SAXNotRecognizedException(name);
}

The default javax.xml.validation.SchemaFactory doesn't support anything. You'll probably need to find a different implementation.

public void setProperty(String name, Object object)
    throws SAXNotRecognizedException, SAXNotSupportedException {

    if (name == null) {
            throw new NullPointerException("the name parameter is null");
    }
    throw new SAXNotRecognizedException(name);
}

回复收藏 0 原文

~没有更多了~