Building XML from unvalidated input can expose an application to several types of XML-related attacks:
* XML injection - the structure and/or contents of the document are changed by the addition of extra elements
* XML entity expansion - the size of the document is ballooned by injecting elements that expand exponentially, exhausting server resources
* XML external entity injection - entities are injected which cause data from another source, such as a sensitive file on the filesystem, to be dynamically included in the document.
This rule checks that method parameters are not used directly in XML without first being validated or escaped.
=== Noncompliant code example
[source,csharp]
----
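private string writeXml(OleDbDataReader odr) {
    // Serialises every remaining row of the reader as one element: column 0
    // supplies the element name and column 1 its text content. Both values
    // come straight from the data source and are handed to the writer without
    // validation or escaping, which is what this rule reports.
    // Returns the XML produced from all rows; the caller owns odr.
    // (The original example did not compile: it read `oDR` instead of `odr`,
    // assigned the object returned by GetValue to a string, had a `try` with
    // no catch/finally, and never returned a value.)
    System.IO.StringWriter buffer = new System.IO.StringWriter();

    // The using block closes the writer even if odr.Read() throws mid-loop.
    using (XmlTextWriter xTWriter = new XmlTextWriter(buffer))
    {
        while (odr.Read())
        {
            // GetString keeps the example typed; GetValue returns object.
            string key = odr.GetString(0);
            string value = odr.GetString(1);
            xTWriter.WriteElementString(key, value); // Noncompliant
        }
    }

    return buffer.ToString();
}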
----
=== Compliant solution
[source,csharp]
----
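private string writeXml(OleDbDataReader odr) {
    // Serialises every remaining row of the reader as one element: column 0
    // supplies the element name and column 1 its text content. Each value is
    // escaped before it is written, so '<', '>', '&' and quotes taken from the
    // data source cannot alter the structure of the document.
    // Returns the XML produced from all rows; the caller owns odr.
    // NOTE(review): escaping replaces those characters with entity references,
    // which is right for text content but does not turn an arbitrary string
    // into a valid element name; for the name, validating it (for example with
    // XmlConvert.VerifyName) is the stricter choice — confirm what column 0 can
    // contain.
    // (The original example did not compile: it read `oDR` instead of `odr`,
    // assigned the object returned by GetValue to a string, had a `try` with
    // no catch/finally, and never returned a value.)
    System.IO.StringWriter buffer = new System.IO.StringWriter();

    // The using block closes the writer even if odr.Read() throws mid-loop.
    using (XmlTextWriter xTWriter = new XmlTextWriter(buffer))
    {
        while (odr.Read())
        {
            // GetString keeps the example typed; GetValue returns object.
            string key = System.SecurityElement.Escape(odr.GetString(0));
            string value = System.SecurityElement.Escape(odr.GetString(1));
            xTWriter.WriteElementString(key, value);
        }
    }

    return buffer.ToString();
}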
----