Hi everyone,
after I enabled the SAST with the free plan, there is only 1 error I cannot resolve, an XXE error.
The Semgrep result file gives me the following error text:
“XML External Entity (XXE) attacks can occur when an XML parser supports XML
entities while processing XML received from an untrusted source.”
so I think that the configuration is the following (naturally I can’t change the configurations with my tier):
inside the configuration file I’ve found an issue.
In general the pattern searches for a new DocumentBuilder and afterwards checks whether Attributes and Features are set.
The only problem (which in the tests seems to be correct) is that the DocumentBuilder object doesn't have those functions (instead the DocumentBuilderFactory is the right one).
In this case, am I wrong on anything? Or does the problem exist?
Thanks in advance