
Veracode Flaw

var xDoc = XDocument.Load(fileName);
C#

I am using the above code in a function to load an XML file. Functionality-wise it's working fine, but it is showing the following Veracode flaw after the Veracode check.

Description

The product processes an XML document that can contain XML entities with URLs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. By default, the XML entity resolver will attempt to resolve and retrieve external references. If attacker-controlled XML can be submitted to one of these functions, then the attacker could gain access to information about an internal network, local filesystem, or other sensitive data. This is known as an XML eXternal Entity (XXE) attack.

Recommendations

Configure the XML parser to disable external entity resolution.

What do I need to do to resolve it?

Answers (2)

0
Manish Kumar Choudhary
NA 14.3k 2.2m 9y
What you are suggesting is completely out of my understanding. Would you please explain?
 
-1
Upendra Pratap Shahi
NA 13.3k 861.7k 9y
Hello Sir,
 
Kindly do with this code-
 

using System;
using System.Xml;

public void updateConfigFile(string con)
{
    // Updating the config file
    XmlDocument XmlDoc = new XmlDocument();

    // Loading the config file
    XmlDoc.Load(AppDomain.CurrentDomain.SetupInformation.ConfigurationFile);

    // Iterate as XmlNode: comments under the root are not XmlElement and would fail the cast
    foreach (XmlNode node in XmlDoc.DocumentElement.ChildNodes)
    {
        if (node.Name == "connectionStrings")
        {
            // Setting the connection string (third attribute of the first child)
            node.FirstChild.Attributes[2].Value = con;
        }
    }

    // Writing the connection string to the config file
    XmlDoc.Save(AppDomain.CurrentDomain.SetupInformation.ConfigurationFile);
}

If this helped, kindly accept the answer.
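
For the XXE finding quoted in the question, one way to apply the recommendation ("disable external entity resolution") to the `XDocument.Load(fileName)` call is to load through an `XmlReader` whose settings prohibit DTDs and have no resolver. This is an added example, not code from the thread or its answers; the class and method names (`SafeXml`, `LoadNoExternalEntities`) and the two sample files are constructed for illustration.

```csharp
using System;
using System.IO;
using System.Xml;
using System.Xml.Linq;

public static class SafeXml
{
    // Hypothetical helper: replaces XDocument.Load(fileName) with a hardened load.
    public static XDocument LoadNoExternalEntities(string fileName)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit, // a <!DOCTYPE ...> raises XmlException
            XmlResolver = null                      // nothing external is ever fetched
        };
        using (var stream = File.OpenRead(fileName))
        using (var reader = XmlReader.Create(stream, settings))
        {
            return XDocument.Load(reader);
        }
    }

    public static void Main()
    {
        // Constructed sample input: one plain document, one that declares an external entity.
        string plain = Path.GetTempFileName();
        string withDtd = Path.GetTempFileName();
        File.WriteAllText(plain, "<config><item>ok</item></config>");
        File.WriteAllText(withDtd,
            "<!DOCTYPE config [ <!ENTITY ext SYSTEM \"file:///placeholder.txt\"> ]>" +
            "<config><item>&ext;</item></config>");

        foreach (string path in new[] { plain, withDtd })
        {
            try
            {
                XDocument doc = LoadNoExternalEntities(path);
                Console.WriteLine("loaded: " + doc.Root.Name);
            }
            catch (XmlException ex)
            {
                // Treat as rejected input; do not retry with a more permissive parser.
                Console.WriteLine("rejected: " + ex.Message);
            }
            finally { File.Delete(path); }
        }
    }
}
```

If the application legitimately needs a DOCTYPE to be tolerated, `DtdProcessing.Ignore` skips the DTD instead of throwing, at the cost of leaving entity references undefined.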