package testcode.xxe;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;
public class DocumentBuilderVulnerable {
public static void receiveXMLStream(InputStream in) throws ParserConfigurationException, IOException, SAXException {
DocumentBuilder db = DocumentBuilderFactory.newInstance().newDocumentBuilder();
Document doc = db.parse(in);
}
public static void main(String[] args) throws ParserConfigurationException,
SAXException, IOException {
String xmlString = "<?xml version=\"1.0\"?>" +
"<!DOCTYPE test [ <!ENTITY foo SYSTEM \"C:/Code/public.txt\"> ]><test>&foo;</test>"; // Tainted input
InputStream is = new ByteArrayInputStream(xmlString.getBytes());
receiveXMLStream(is);
}
}