Title: Java: Add XXE sinks by haby0 · Pull Request #6564 · github/codeql · GitHub
Open Graph Title: Java: Add XXE sinks by haby0 · Pull Request #6564 · github/codeql
X Title: Java: Add XXE sinks by haby0 · Pull Request #6564 · github/codeql
Description: There are many XML parsers for Java, and most of them are vulnerable to XXE because their default settings enable parsing of external entities. This query currently identifies vulnerable XML parsing from the following parsers: javax.xml.validation.Validator, org.dom4j.DocumentHelper, org.apache.commons.digester3.Digester, java.beans.XMLDecoder, org.rundeck.api.parser.ParserHelper, org.apache.commons.digester.Digester, org.apache.tomcat.util.digester.Digester Open source components: vertx-web
Open Graph Description: There are many XML parsers for Java, and most of them are vulnerable to XXE because their default settings enable parsing of external entities. This query currently identifies vulnerable XML parsin...
X Description: There are many XML parsers for Java, and most of them are vulnerable to XXE because their default settings enable parsing of external entities. This query currently identifies vulnerable XML parsin...
Opengraph URL: https://github.com/github/codeql/pull/6564
X: @github
Domain: github.com
| route-pattern | /:user_id/:repository/pull/:id/files(.:format) |
| route-controller | pull_requests |
| route-action | files |
| fetch-nonce | v2:b05f2cf1-b08a-575f-b8d7-a94643ccd5ba |
| current-catalog-service-hash | ae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b |
| request-id | D2E8:217E54:6F03D4:9F0C36:6A4CAC90 |
| html-safe-nonce | 040912c46c5111a54ffcbcfde13207c6ed89e2547838bb878743f3cdd7970db1 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJEMkU4OjIxN0U1NDo2RjAzRDQ6OUYwQzM2OjZBNENBQzkwIiwidmlzaXRvcl9pZCI6IjczODI2MDk0NTU2OTc2NjkyNjUiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ== |
| visitor-hmac | 37d5af92754a32b6fcfee49a7af89ff08bfdd1295fba4df64e443f4c1a374794 |
| hovercard-subject-tag | pull_request:721375479 |
| github-keyboard-shortcuts | repository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/github/codeql/pull/6564/files |
| twitter:image | https://avatars.githubusercontent.com/u/29876502?s=400&v=4 |
| twitter:card | summary_large_image |
| og:image | https://avatars.githubusercontent.com/u/29876502?s=400&v=4 |
| og:image:alt | There are many XML parsers for Java, and most of them are vulnerable to XXE because their default settings enable parsing of external entities. This query currently identifies vulnerable XML parsin... |
| og:site_name | GitHub |
| og:type | object |
| hostname | github.com |
| expected-hostname | github.com |
| None | 3d11bb817438277de2a940854450e83a7d32b6aeb5014e9e6b00a6423900251c |
| turbo-cache-control | no-preview |
| diff-view | unified |
| go-import | github.com/github/codeql git https://github.com/github/codeql.git |
| octolytics-dimension-user_id | 9919 |
| octolytics-dimension-user_login | github |
| octolytics-dimension-repository_id | 143040428 |
| octolytics-dimension-repository_nwo | github/codeql |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 143040428 |
| octolytics-dimension-repository_network_root_nwo | github/codeql |
| turbo-body-classes | logged-out env-production page-responsive full-width |
| disable-turbo | true |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | ae90d426644ca15e89bacceb72e51f4e9dbf85f7 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width