CodeAnt AI home pagelight logodark logo
  • Dashboard
  • Dashboard
  • Documentation
  • Demo Call with CEO
  • Blog
  • Slack
    • Get Started
    • CodeAnt AI
    • Setup
    • Control Center
    • Pull Request Review
    • IDE
    • Compliance
    • Anti-Patterns
    • Code Governance
    • Infrastructure Security Database
    • Application Security Database
      • Apex
      • Bash
      • C
      • Clojure
      • Cpp
      • Csharp
      • Dockerfile
      • Elixir
      • Fingerprints
      • Generic
      • Go
      • Html
      • Java
        • Android
        • Aws-lambda
        • Castor
        • Java-jwt
        • Jax-rs
        • Jboss
        • Jdo
        • Jedis
        • Jjwt
        • Jsch
        • Kryo
        • Lang
          • Audit
          • Correctness
          • Security
          • Security
            • Audit
            • Audit
              • Active-debug-code-getstacktrace
              • Active-debug-code-printstacktrace
              • Crypto
              • Crypto
              • Formatted-sql-string-deepsemgrep
              • Saxreader-xmlreader-constructor
              • Sqli
              • Xml-custom-entityresolver
              • Xss
              • Xss
              • Xxe
            • Crypto
            • Net
            • Properties
            • Sql
            • System
            • Xxe
        • Micronaut
        • Mongo
        • Mongodb
        • Mysql
        • Okhttp
        • Rmi
        • Servlets
        • Spring
        • Thymeleaf
        • Xstream
      • Javascript
      • Json
      • Kotlin
      • Ocaml
      • Php
      • Problem-based-packs
      • Python
      • Ruby
      • Rust
      • Scala
      • Solidity
      • Swift
      • Terraform
      • Typescript
      • Yaml
    Audit

    Xxe

    documentbuilderfactory-external-general-entities-true

    External entities are allowed for $DBFACTORY. This is vulnerable to XML external entity attacks. Disable this by setting the feature “http://xml.org/sax/features/external-general-entities” to false.
    Likelihood: LOW
    Confidence: HIGH
    CWE:
    - CWE-611: Improper Restriction of XML External Entity Reference
    OWASP:
    - A04:2017 - XML External Entities (XXE)
    - A05:2021 - Security Misconfiguration

    documentbuilderfactory-disallow-doctype-decl-missing

    DOCTYPE declarations are enabled for this DocumentBuilderFactory. This is vulnerable to XML external entity attacks. Disable this by setting the feature “http://apache.org/xml/features/disallow-doctype-decl” to true. Alternatively, allow DOCTYPE declarations and only prohibit external entities declarations. This can be done by setting the features “http://xml.org/sax/features/external-general-entities” and “http://xml.org/sax/features/external-parameter-entities” to false.
    Likelihood: LOW
    Confidence: HIGH
    CWE:
    - CWE-611: Improper Restriction of XML External Entity Reference
    OWASP:
    - A04:2017 - XML External Entities (XXE)
    - A05:2021 - Security Misconfiguration

    transformerfactory-dtds-not-disabled

    DOCTYPE declarations are enabled for this TransformerFactory. This is vulnerable to XML external entity attacks. Disable this by setting the attributes “accessExternalDTD” and “accessExternalStylesheet” to "".
    Likelihood: LOW
    Confidence: HIGH
    CWE:
    - CWE-611: Improper Restriction of XML External Entity Reference
    OWASP:
    - A04:2017 - XML External Entities (XXE)
    - A05:2021 - Security Misconfiguration

    documentbuilderfactory-disallow-doctype-decl-false

    DOCTYPE declarations are enabled for $DBFACTORY. Without prohibiting external entity declarations, this is vulnerable to XML external entity attacks. Disable this by setting the feature “http://apache.org/xml/features/disallow-doctype-decl” to true. Alternatively, allow DOCTYPE declarations and only prohibit external entities declarations. This can be done by setting the features “http://xml.org/sax/features/external-general-entities” and “http://xml.org/sax/features/external-parameter-entities” to false.
    Likelihood: LOW
    Confidence: HIGH
    CWE:
    - CWE-611: Improper Restriction of XML External Entity Reference
    OWASP:
    - A04:2017 - XML External Entities (XXE)
    - A05:2021 - Security Misconfiguration

    documentbuilderfactory-external-parameter-entities-true

    External entities are allowed for $DBFACTORY. This is vulnerable to XML external entity attacks. Disable this by setting the feature “http://xml.org/sax/features/external-parameter-entities” to false.
    Likelihood: LOW
    Confidence: HIGH
    CWE:
    - CWE-611: Improper Restriction of XML External Entity Reference
    OWASP:
    - A04:2017 - XML External Entities (XXE)
    - A05:2021 - Security Misconfiguration

    saxparserfactory-disallow-doctype-decl-missing

    DOCTYPE declarations are enabled for this SAXParserFactory. This is vulnerable to XML external entity attacks. Disable this by setting the feature http://apache.org/xml/features/disallow-doctype-decl to true. Alternatively, allow DOCTYPE declarations and only prohibit external entities declarations. This can be done by setting the features http://xml.org/sax/features/external-general-entities and http://xml.org/sax/features/external-parameter-entities to false. NOTE - The previous links are not meant to be clicked. They are the literal config key values that are supposed to be used to disable these features. For more information, see https://semgrep.dev/docs/cheat-sheets/java-xxe/#3a-documentbuilderfactory.
    Likelihood: LOW
    Confidence: HIGH
    CWE:
    - CWE-611: Improper Restriction of XML External Entity Reference
    OWASP:
    - A04:2017 - XML External Entities (XXE)
    - A05:2021 - Security Misconfiguration
    JspHardcoded secret key spec
    twitterlinkedin
    Powered by Mintlify
    Assistant
    Responses are generated using AI and may contain mistakes.