-
Notifications
You must be signed in to change notification settings - Fork 5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
CAMEL-12444: Improved DTD handling in validator component.
- Loading branch information
Showing
2 changed files
with
14 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
24eefa5
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The first change has added a command that the SchemaFactory cannot access the documents outside of the intended sphere of control. When it does, it will debug to the system to let them know the situation to avoid attackers force the application to make outgoing requests to servers that the attacker cannot reach directly using the CWE-611.
The second change has used ACCESS_EXTERNAL_DTD and ACCESS_EXTERNAL_SCHEMA to judge the property of DTD and SCHEMA to monitor the DTD and Schema whether they have got messages and when it happens, giving warnings.
24eefa5
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What is the meaning of this comment?