XML parser XXE vulnerability

org.openrewrite.java.security.XmlParserXXEVulnerability
Avoid exposing dangerous features of the XML parser by setting XMLInputFactory IS_SUPPORTING_EXTERNAL_ENTITIES and SUPPORT_DTD properties to false.
Source
​Github, Issue Tracker, Maven Central​
groupId: org.openrewrite.recipe
artifactId: rewrite-java-security
version: 1.25.0
Contributors
​Jonathan Schneider​
​Nick McKinney​
​Aaron Gershman​
Usage
This recipe has no required configuration options. It can be activated by adding a dependency on org.openrewrite.recipe:rewrite-java-security:1.25.0 in your build file or by running a shell command (in which case no build changes are needed):
Gradle
Maven POM
Maven Command Line
build.gradle
plugins {
    id("org.openrewrite.rewrite") version("5.40.4")
}
​
rewrite {
    activeRecipe("org.openrewrite.java.security.XmlParserXXEVulnerability")
}
​
repositories {
    mavenCentral()
}
​
dependencies {
    rewrite("org.openrewrite.recipe:rewrite-java-security:1.25.0")
}
pom.xml
<project>
  <build>
    <plugins>
      <plugin>
        <groupId>org.openrewrite.maven</groupId>
        <artifactId>rewrite-maven-plugin</artifactId>
        <version>4.45.0</version>
        <configuration>
          <activeRecipes>
            <recipe>org.openrewrite.java.security.XmlParserXXEVulnerability</recipe>
          </activeRecipes>
        </configuration>
        <dependencies>
          <dependency>
            <groupId>org.openrewrite.recipe</groupId>
            <artifactId>rewrite-java-security</artifactId>
            <version>1.25.0</version>
          </dependency>
        </dependencies>
      </plugin>
    </plugins>
  </build>
</project>
shell
mvn -U org.openrewrite.maven:rewrite-maven-plugin:run \
  -Drewrite.recipeArtifactCoordinates=org.openrewrite.recipe:rewrite-java-security:RELEASE \
  -Drewrite.activeRecipes=org.openrewrite.java.security.XmlParserXXEVulnerability
See how this recipe works across multiple open-source repositories
​​
​​
The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.
Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.

Use secure temporary file creation

Marshalling

Last modified 22d ago