documentbuilderfactory-external-general-entities-true
documentbuilderfactory-disallow-doctype-decl-missing
transformerfactory-dtds-not-disabled
documentbuilderfactory-disallow-doctype-decl-false
documentbuilderfactory-external-parameter-entities-true
saxparserfactory-disallow-doctype-decl-missing
http://apache.org/xml/features/disallow-doctype-decl
to true. Alternatively, allow DOCTYPE declarations and only prohibit external entities declarations. This can be done by setting the features http://xml.org/sax/features/external-general-entities
and http://xml.org/sax/features/external-parameter-entities
to false. NOTE - The previous links are not meant to be clicked. They are the literal config key values that are supposed to be used to disable these features. For more information, see https://semgrep.dev/docs/cheat-sheets/java-xxe/#3a-documentbuilderfactory.