Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/java/310.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java IBM Appscan出现Xpath编译问题_Java_Xpath_Websphere - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java IBM Appscan出现Xpath编译问题

Java IBM Appscan出现Xpath编译问题

java xpath websphere

Java IBM Appscan出现Xpath编译问题,java,xpath,websphere,Java,Xpath,Websphere,我正在尝试使用Xpath从XML读取标记。下面是相同的代码 XPathFactory xPathfactory = XPathFactory.newInstance(); XPath duplcatexpath = xPathfactory.newXPath(); XPathExpression duplcatexpathexpr = duplcatexpath.compile(duplicateconditionpath); 一切正常,但当我运行应用程序扫描时,它会产生漏洞Injec

我正在尝试使用Xpath从XML读取标记。下面是相同的代码

XPathFactory xPathfactory = XPathFactory.newInstance();  
XPath duplcatexpath = xPathfactory.newXPath();  
XPathExpression duplcatexpathexpr = duplcatexpath.compile(duplicateconditionpath);
一切正常,但当我运行应用程序扫描时,它会产生漏洞Injection.XPath.
是否有任何方法可以缓解此问题。

确切地说,哪一行会在AppScan中引发此漏洞?简而言之,首先确保您的应用程序不易受到XPath注入攻击,然后配置扫描以抑制警告。不确定您在这两个步骤中遇到的困难是哪一个。@Som第三行显示了该漏洞。@Michael XPath实际上处于保密状态,因此我的应用程序不会受到XPath注入的攻击。但是我不能抑制扫描警告(在组织级别维护),然后你要么因为虚假的警告而停止使用XPath,要么你不得不接受这些警告。我们还能说什么呢?扫描此类漏洞的工具是出了名的粗糙。