Improper_Restriction_of_XXE_REF

Asked Apr 04 '18 at 10:02

Active May 10 '18 at 11:20

Viewed 1,322 times

I'm new to using the Checkmarx tool and just checking for security flaws in code in general. I have a method which is supposed to read from an input stream. The method works, however I am getting XXE and SSRF errors.

 public static String getStringFromInputStream(InputStream is) {
    BufferedReader br = null;
    StringBuilder sb = new StringBuilder();
    String line;
    try {
        br = new BufferedReader(new InputStreamReader(is));
        while ((line = br.readLine()) != null) {
            sb.append(Normalizer.normalize(line, Normalizer.Form.NFD));
        }

    } catch (IOException e) {
        LOG.error(
                "********************",
                e);
    } finally {
        if (br != null) {
            try {
                br.close();
            } catch (IOException e) {
                LOG.error(
                        ******************,
                        e);
            }
        }
    }
    return sb.toString();
}

edited May 10 '18 at 11:20

yaloner

asked Apr 04 '18 at 10:02

Tuss

1

Tuss, it seems like the Checkmarx result is true. What exactly is your question? – yaloner May 08 '18 at 08:38

Improper_Restriction_of_XXE_REF

0 Answers0