Java XML外部实体注入(输入验证和表示、数据流)
当我运行HP fortify时,以下代码作为XML外部实体注入提供。问题行指定为错误行。欢迎提供任何帮助Java XML外部实体注入(输入验证和表示、数据流),java,xml,dom,xml-parsing,xmldocument,Java,Xml,Dom,Xml Parsing,Xmldocument,当我运行HP fortify时,以下代码作为XML外部实体注入提供。问题行指定为错误行。欢迎提供任何帮助 private Document parseXmlString(String stringname, boolean validating) { try { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setVal
private Document parseXmlString(String stringname, boolean validating) {
try {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setValidating(validating);
ByteArrayInputStream is = new ByteArrayInputStream(stringname.getBytes());
Document doc = factory.newDocumentBuilder().parse(is);//Error Line
return doc;
} catch (SAXException e) {
// A parsing error occurred; the xml input is not valid
} catch (ParserConfigurationException e) {
} catch (IOException e) {
}
return null;
}
我希望这就是你想要的: