[#YANGTOOLS-708] Introduce XML utilities for dealing with untrusted documents

[YANGTOOLS-708] Introduce XML utilities for dealing with untrusted documents Created: 28/Oct/16 Updated: 10/Apr/22 Resolved: 08/Nov/16
Status:	Resolved
Project:	yangtools
Component/s:	None
Affects Version/s:	None
Fix Version/s:	None

Type:

Bug

Reporter:

Robert Varga

Assignee:

Robert Varga

Resolution:

Done

Votes:

Labels:

None

Remaining Estimate:

Not Specified

Time Spent:

Not Specified

Original Estimate:

Not Specified

Environment:

Operating System: All
Platform: All

External issue ID:

7057

Description

We are dealing with untrusted XMLs across all projects, with a lot of places instantiation DocumentBuilderFactories and similar.

Create a central place, which will give out properly configured instances, so that we reduce the risk of DoS attacks on code which thinks that a DocumentBuilder, or any XML parser can be trusted in its default configuration.

Comments

Comment by Robert Varga [ 28/Oct/16 ]

master: https://git.opendaylight.org/gerrit/47727

Comment by Robert Varga [ 05/Nov/16 ]

boron: https://git.opendaylight.org/gerrit/48028

Generated at Wed Feb 07 20:54:04 UTC 2024 using Jira 8.20.10#820010-sha1:ace47f9899e9ee25d7157d59aa17ab06aee30d3d.

[YANGTOOLS-708] Introduce XML utilities for dealing with untrusted documents Created: 28/Oct/16 Updated: 10/Apr/22 Resolved: 08/Nov/16