Github user tballison commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2587#discussion_r183390424
--- Diff:
nifi-nar-bundles/nifi-standard-services/nifi-record-serialization-services-bundle/nifi-record-serialization-services/src/main/java/org/apache/nifi/xml/XMLRecordReader.java
---
@@ -84,6 +84,10 @@ public XMLRecordReader(InputStream in, RecordSchema
schema, String rootName, Str
try {
final XMLInputFactory xmlInputFactory =
XMLInputFactory.newInstance();
+
+ // Avoid namespace replacements
+
xmlInputFactory.setProperty(XMLInputFactory.IS_NAMESPACE_AWARE, false);
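Review bot: In the lines visible here, the factory returned by `XMLInputFactory.newInstance()` only gets `IS_NAMESPACE_AWARE` set to false, so nothing in this hunk restricts DTD or external-entity processing for the `InputStream in` that the constructor parses. Consider adding `xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false);` and `xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);` next to the new `setProperty` call, unless that is already done outside the shown context. The comment `// Avoid namespace replacements` could also say which replacement is being avoided and how turning off namespace awareness changes the element names the reader sees.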
--- End diff --
Might want to avoid XEE vulnerability via improved configuration of
XMLInputFactory?
https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#XMLInputFactory_.28a_StAX_parser.29
---