mirror of
https://github.com/apache/cloudstack.git
synced 2025-10-26 08:42:29 +01:00
b7415bf127
This implements safer DocumentBuilderFactory and ParserPool utilities to be used throughout the codebase to prevent potential XXE exploits. References: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html https://www.blackhat.com/docs/us-15/materials/us-15-Wang-FileCry-The-New-Age-Of-XXE-java-wp.pdf Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com> (cherry picked from commit 8e0e68ef368ebe2793ef80e2c3821eaecb47b593) Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>