I want to try converting a SoapBody object to a simple XML string using a Transformer, but it gives me XML entity injection (XXE):
TransformerFactory tf = TransformerFactory.newInstance();
Transformer transformer = tf.newTransformer();
StringWriter writerSoapBody = new StringWriter();
transformer.transform(soapBody.getPayloadSource(), new StreamResult(writerSoapBody));
xmlString = writerSoapBody.getBuffer().toString();
It gives me an exception for the XXE vulnerability. When I resolve it by adding two more properties like:
tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
then it gives me another exception like:
java.lang.IllegalArgumentException: Not supported: http://javax.xml.XMLConstants/property/accessExternalDTD
So my points are:
1.) Is there another way available to convert soapBody.getPayloadSource() into a simple string?
2.) Why does it give me this error?
I referred to https://rules.sonarsource.com/java/RSPEC-4435 to resolve the XXE problem.
Thanks
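
An added example, not part of the original post: a "Not supported" IllegalArgumentException from setAttribute means the TransformerFactory that JAXP resolved does not recognise the JAXP 1.5 access properties, which is the case for older Xalan jars on the classpath. The sketch below applies the restrictions and, if the resolved factory rejects them, falls back to the JDK's built-in factory via TransformerFactory.newDefaultInstance() (Java 9+). The class name, the helper names, the sample payloads and the StreamSource standing in for soapBody.getPayloadSource() are assumptions.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.XMLConstants;
import javax.xml.transform.Source;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;

public class SafePayloadToString {

    // Apply the restrictions; setAttribute throws IllegalArgumentException if unsupported.
    static TransformerFactory harden(TransformerFactory tf) throws TransformerException {
        tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        return tf;
    }

    static TransformerFactory hardenedFactory() throws TransformerException {
        TransformerFactory tf = TransformerFactory.newInstance();
        try {
            return harden(tf);
        } catch (IllegalArgumentException e) {
            // The implementation JAXP found on the classpath does not know these
            // properties. Report which one it was, then use the JDK's built-in
            // factory (Java 9+), which supports them.
            System.err.println(tf.getClass().getName() + " rejected: " + e.getMessage());
            return harden(TransformerFactory.newDefaultInstance());
        }
    }

    // Identity transform: serialize any Source (DOMSource, StreamSource, ...) to a String.
    static String toXmlString(Source payload) throws TransformerException {
        StringWriter out = new StringWriter();
        hardenedFactory().newTransformer().transform(payload, new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample payloads; a StreamSource stands in for getPayloadSource().
        String ok = "<order><id>42</id></order>";
        String withDtd = "<!DOCTYPE order SYSTEM \"file:///constructed/placeholder.dtd\"><order/>";
        System.out.println(toXmlString(new StreamSource(new StringReader(ok))));
        try {
            toXmlString(new StreamSource(new StringReader(withDtd)));
        } catch (TransformerException e) {
            System.out.println("Transform failed: " + e.getMessage());
        }
    }
}
```

The class name printed on the fallback path identifies which jar supplies the non-JDK factory, so it can be removed or upgraded instead of being worked around.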