Rule description S2755 typos

Bananeweizen · September 18, 2019, 2:50pm

S2755 has a typo and a duplication in the description:

If you must parse untrusted XML, the best way to protect yourself is to use a local, static DTD during parsing and igore any DTD’s included in included in the document.

Also in both the compliant and non compliant code sections there are typos, which make that code not compile:

new FileInputStream(malicousSample)

Nicolas_Peru · September 23, 2019, 9:40am

Hi, thanks a lot for the feedback, I fixed the java description according to your feedback : https://jira.sonarsource.com/browse/RSPEC-2756

This should be fixed with next release of sonar-java plugin.

Topic		Replies	Views
java:S2755 proposed compliant solution does not work Report False-positive / False-negative...	2	669	September 16, 2024
False Positive: Rule java:S2755 – “Disable access to external entities in XML parsing” Report False-positive / False-negative...	2	54	July 3, 2025
Text in squid:S2755 issue SonarQube Server / Community Build java	4	1534	May 10, 2019
S2755 False positive in SonarLint SonarQube Cloud java , security	5	2616	March 12, 2020
False negative XXE rule for SchemaFactory (java:S2755) Report False-positive / False-negative... java , sonarqube	2	850	August 25, 2023

Rule description S2755 typos

Related topics