Philipp Ottlinger created RAT-560:
-------------------------------------
Summary: Static analysis shows XXE attack vectors - streamline usage in RAT and add documentation
Key: RAT-560
URL: https://issues.apache.org/jira/browse/RAT-560
Project: Apache RAT
Issue Type: Task
Affects Versions: 0.18
Reporter: Philipp Ottlinger

Static code analysis warns that XML parsers used in RAT are vulnerable/potentially vulnerable to XXE attacks:

* Reporter.java:99/140
* XMLConfigurationReader:156/175

As RAT runs on customer-owned data and allows custom configuration, the usage in the code should be streamlined and documented.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
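
One way to streamline parser creation as the issue asks, shown as an added example that is not RAT's own code: a single factory method that every call site obtains its parser from. The class name HardenedXml and the sample documents are hypothetical, and the code assumes the JDK's built-in JAXP parser and that the call sites use DocumentBuilderFactory, which the issue does not state.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXException;

/** Hypothetical helper: the one place that creates XXE-hardened DOM parsers. */
public final class HardenedXml {
    private HardenedXml() { }

    public static DocumentBuilder newDocumentBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Reject any DOCTYPE: without a DTD there are no entity declarations to resolve.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth: no protocol is allowed for external DTDs or schemas.
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    /** Returns the root element name, or throws SAXException if the input is rejected. */
    static String rootName(String xml) throws Exception {
        byte[] bytes = xml.getBytes(StandardCharsets.UTF_8);
        return newDocumentBuilder().parse(new ByteArrayInputStream(bytes))
                .getDocumentElement().getNodeName();
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples: a plain document and one carrying a DOCTYPE
        // with a harmless internal entity.
        String plain = "<config><item id=\"a\"/></config>";
        String withDoctype = "<!DOCTYPE c [<!ENTITY e \"v\">]><c>&e;</c>";

        System.out.println("plain document root: " + rootName(plain));
        try {
            rootName(withDoctype);
            System.out.println("DOCTYPE accepted: parser is NOT hardened");
        } catch (SAXException expected) {
            System.out.println("DOCTYPE rejected: " + expected.getMessage());
        }
    }
}
```

If user-supplied configuration legitimately needs a DTD, drop the disallow-doctype-decl line and rely on the two ACCESS_EXTERNAL_* attributes, and document that choice next to the helper.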