lasers/NewPipeExtractor
1
0
Fork 0
mirror of https://github.com/TeamNewPipe/NewPipeExtractor synced 2024-12-11 11:29:41 +01:00
Code Issues Projects Releases Wiki Activity

Fixed typo XEE → XXE (Xml eXternal Entity attack)

Browse Source 
See also:
https://en.wikipedia.org/wiki/XML_external_entity_attack
https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing
This commit is contained in:
litetex 2022-05-16 21:09:50 +02:00 committed by TiA4f8R
parent fffbbee7f3
commit c33d392958
No known key found for this signature in database
GPG Key ID: E6D3E7F5949450DD
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
extractor/src/main/java/org/schabi/newpipe/extractor/services/youtube/dashmanifestcreators/YoutubeDashManifestCreatorsUtils.java
View File

@ -696,11 +696,11 @@ public final class YoutubeDashManifestCreatorsUtils {
} }
/** /**
* Generate a new {@link DocumentBuilder} secured from XEE attacks, on platforms which * Generate a new {@link DocumentBuilder} secured from XXE attacks, on platforms which
* support setting {@link XMLConstants#ACCESS_EXTERNAL_DTD} and * support setting {@link XMLConstants#ACCESS_EXTERNAL_DTD} and
* {@link XMLConstants#ACCESS_EXTERNAL_SCHEMA} in {@link DocumentBuilderFactory} instances. * {@link XMLConstants#ACCESS_EXTERNAL_SCHEMA} in {@link DocumentBuilderFactory} instances.
* *
* @return an instance of {@link Document} secured against XEE attacks on supported platforms, * @return an instance of {@link Document} secured against XXE attacks on supported platforms,
* that should then be convertible to an XML string without security problems * that should then be convertible to an XML string without security problems
*/ */
private static Document newDocument() throws ParserConfigurationException { private static Document newDocument() throws ParserConfigurationException {
@ -718,13 +718,13 @@ public final class YoutubeDashManifestCreatorsUtils {
} }
/** /**
* Generate a new {@link TransformerFactory} secured from XEE attacks, on platforms which * Generate a new {@link TransformerFactory} secured from XXE attacks, on platforms which
* support setting {@link XMLConstants#ACCESS_EXTERNAL_DTD} and * support setting {@link XMLConstants#ACCESS_EXTERNAL_DTD} and
* {@link XMLConstants#ACCESS_EXTERNAL_SCHEMA} in {@link TransformerFactory} instances. * {@link XMLConstants#ACCESS_EXTERNAL_SCHEMA} in {@link TransformerFactory} instances.
* *
* @param document the document to convert, which must have been created using * @param document the document to convert, which must have been created using
* {@link #newDocument()} to properly prevent XEE attacks * {@link #newDocument()} to properly prevent XXE attacks
* @return the document converted to an XML string, making sure there can't be XEE attacks * @return the document converted to an XML string, making sure there can't be XXE attacks
*/ */
// Sonar warning is suppressed because it is still shown even if we apply its solution // Sonar warning is suppressed because it is still shown even if we apply its solution
@SuppressWarnings("squid:S2755") @SuppressWarnings("squid:S2755")