etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cloudstack/utils
History
Rohit Yadav eb96ede328 saml: Safer DocumentBuilderFactory and ParserPool configuration 
This implements safer DocumentBuilderFactory and ParserPool utilities
to be used throughout the codebase to prevent potential XXE exploits.

References:
https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html
https://www.blackhat.com/docs/us-15/materials/us-15-Wang-FileCry-The-New-Age-Of-XXE-java-wp.pdf

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 0c6b92142cc402c3eebf9bf4aa3c77b2d9defc69)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 		2022-07-12 18:44:27 +05:30
..
bindir fixing utils license header 2012-06-06 23:06:02 -04:00
conf packaging: Adding Centos8, Ubuntu 20.04, XCPNG8.1 Support (#4068) 2020-08-17 16:28:30 +05:30
src saml: Safer DocumentBuilderFactory and ParserPool configuration 2022-07-12 18:44:27 +05:30
pom.xml Updating pom.xml version numbers for release 4.15.2.0 2021-09-10 21:19:58 +05:30