Disable XML external entity (XXE) processing Issue

Hi there,

We are using SonarQube version 7.9.2 to perform code analysis. I need some help fixing the “Disable XML external entity (XXE) processing” issue. SonarQube reported the “Disable XML external entity (XXE) processing” issue on the “DocumentBuilderFactory” class, which is being used for XML parsing. I made the code changes suggested by SQ, but the issue still persists.

PFB code screenshot. Can someone help with what is wrong in my code?

Hello @jaikishore.polepalli and welcome to the community!

XXE rule for Java has been improved recently (see this announcement):

If you are upgrading to take advantage of these new features, let us know if that resolves your problem. If you cannot upgrade, I suggest closing this issue as “False Positive”.

Eric