Class SecureXmlFactory

java.lang.Object
de.businesscode.util.xml.SecureXmlFactory

public abstract class SecureXmlFactory extends Object
Factory methods that prevent XXE attacks, following the OWASP Cheat Sheet.
  • Constructor Details

    • SecureXmlFactory

      public SecureXmlFactory()
  • Method Details

    • newXMLInputFactory

      public static XMLInputFactory newXMLInputFactory()
      Creates an XMLInputFactory which is safe against injection attacks. If you need XInclude, enable it explicitly after retrieving this factory.
      Returns:
    • newDocumentBuilderFactory

      public static DocumentBuilderFactory newDocumentBuilderFactory()
      Returns:
      DocumentBuilderFactory with the following options set:
      • XInclude: disabled
      • Validation: disabled
      • DTD: disabled
      • External Entities (general+params): disabled
      • Ignoring comments: true
    • newSaxParserFactory

      public static SAXParserFactory newSaxParserFactory()
      Returns:
      SAXParserFactory with the following options set:
      • XInclude: disabled
      • Validation: disabled
      • DTD: disabled
      • External Entities (general+params): disabled
    • newTransformerFactory

      public static TransformerFactory newTransformerFactory()
      Returns:
      TransformerFactory with the following options set:
      • External DTD: disabled
      • External Stylesheet: disabled
    • newSaxTransformerFactory

      public static SAXTransformerFactory newSaxTransformerFactory()
      Returns:
      SAXTransformerFactory with the following options set:
      • External DTD: disabled
      • External Stylesheet: disabled
    • newXmlReader

      public static XMLReader newXmlReader()
      Returns:
      XMLReader with the following options set:
      • XInclude: disabled
      • Validation: disabled
      • DTD: disabled
      • External Entities (general+params): disabled
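
Added example, not this project's own code: one way to express the options listed for newDocumentBuilderFactory() with plain JAXP calls, and the effect on a document that carries a DOCTYPE. The class name HardenedDomExample, the helper names and both input documents are constructed for illustration; how SecureXmlFactory sets these options internally is not shown on this page.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;

public class HardenedDomExample {

    // Hypothetical helper mirroring the option list documented above.
    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setXIncludeAware(false);                       // XInclude: disabled
        f.setValidating(false);                          // Validation: disabled
        // DTD: disabled. Any DOCTYPE declaration becomes a fatal parse error.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // External Entities (general+params): disabled
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setExpandEntityReferences(false);
        f.setIgnoringComments(true);                     // Ignoring comments: true
        return f;
    }

    // Parses the input and reports either the resulting DOM shape or the rejection.
    static String parse(String xml) throws Exception {
        DocumentBuilder builder = hardenedFactory().newDocumentBuilder();
        try {
            Element root = builder
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
            return "parsed: root=" + root.getNodeName()
                 + " childNodes=" + root.getChildNodes().getLength();
        } catch (SAXException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed input 1: no DOCTYPE; the comment is dropped from the DOM.
        String plain = "<order><!-- note --><id>42</id></order>";
        // Constructed input 2: DOCTYPE with an external entity (placeholder URI).
        String withDoctype = "<?xml version=\"1.0\"?>"
            + "<!DOCTYPE order [<!ENTITY ext SYSTEM \"file:///constructed/placeholder\">]>"
            + "<order><id>&ext;</id></order>";
        System.out.println(parse(plain));
        System.out.println(parse(withDoctype));
    }
}
```

With DTDs disallowed the second document fails at the DOCTYPE declaration, before any entity is resolved; the two external-entity features remain as a second layer in case the DOCTYPE restriction is later relaxed.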