CodeQL documentation

Untrusted XML is read insecurely

ID: cs/xml/insecure-dtd-handling
Kind: path-problem
Security severity: 9.1
Severity: error
Precision: high
Tags:
   - security
   - external/cwe/cwe-611
   - external/cwe/cwe-827
   - external/cwe/cwe-776
Query suites:
   - csharp-code-scanning.qls
   - csharp-security-extended.qls
   - csharp-security-and-quality.qls


XML documents can contain Document Type Definitions (DTDs), which may define new XML entities. These can be used to perform Denial of Service (DoS) attacks, or resolve to resources outside the intended sphere of control.

Recommendation

When processing XML documents, ensure that DTD processing is disabled unless absolutely necessary, and if it is necessary, ensure that a secure resolver is used.

Example

The following example shows an HTTP request parameter being read directly into an XmlTextReader. In the current version of the .NET Framework, XmlTextReader has DTD processing enabled by default.

using System.Web;
using System.Xml;

public class XMLHandler : IHttpHandler
{
    public bool IsReusable => false;

    public void ProcessRequest(HttpContext ctx)
    {
        // BAD: XmlTextReader is insecure by default, and the payload is user-provided data.
        // The query-string value is handed straight to the reader, and DTD processing
        // (and therefore entity expansion) is still enabled when Read() is first called.
        XmlTextReader reader = new XmlTextReader(ctx.Request.QueryString["document"]);
        ...
    }
}

The solution is to set the DtdProcessing property to DtdProcessing.Prohibit.
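The following is an added example, not code from the CodeQL repository or from the query's own documentation, showing the recommended fix in two forms: the page's XmlTextReader with DtdProcessing set to Prohibit before the first Read() call, and the equivalent XmlReaderSettings used with XmlReader.Create for code that does not depend on the legacy reader. The class and method names (SafeXml, HardenedSettings, HardenedTextReader, RootElementName) and the two sample documents are constructed for this example; the Main method feeds the helper one plain document and one that carries a DOCTYPE, so you can see the parser refuse the DTD before any entity is expanded.

```csharp
using System;
using System.IO;
using System.Xml;

public static class SafeXml
{
    // Reader settings that refuse DTDs outright (the fix the page recommends) and
    // drop the default resolver so that nothing external is ever fetched.
    public static XmlReaderSettings HardenedSettings()
    {
        return new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit, // any <!DOCTYPE ...> raises XmlException
            XmlResolver = null                      // no external lookups even if a DTD slipped through
        };
    }

    // The same fix applied to the page's XmlTextReader: the property must be set
    // before the first Read() call, otherwise the default (DTD processing on) applies.
    public static XmlTextReader HardenedTextReader(TextReader input)
    {
        var reader = new XmlTextReader(input);
        reader.DtdProcessing = DtdProcessing.Prohibit;
        reader.XmlResolver = null;
        return reader;
    }

    // Parse untrusted XML text and return the root element name, or throw XmlException.
    public static string RootElementName(string untrustedXml)
    {
        using (var text = new StringReader(untrustedXml))
        using (XmlReader reader = XmlReader.Create(text, HardenedSettings()))
        {
            while (reader.Read())
            {
                if (reader.NodeType == XmlNodeType.Element)
                    return reader.Name;
            }
            throw new XmlException("no root element");
        }
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample input: a plain document and one that declares a DTD.
        const string plain = "<order><id>42</id></order>";
        const string withDtd = "<!DOCTYPE order [<!ENTITY site \"example\">]><order>&site;</order>";

        Console.WriteLine("root element: " + SafeXml.RootElementName(plain));

        try
        {
            SafeXml.RootElementName(withDtd);
        }
        catch (XmlException ex)
        {
            // With Prohibit the reader stops at the DOCTYPE; the entity is never expanded.
            Console.WriteLine("rejected: " + ex.Message);
        }
    }
}
```

If an application genuinely needs DTDs, the page's advice still holds: replace Prohibit with Parse only together with a resolver you control (for example one that serves DTDs from a local allow-list) rather than leaving the default resolver in place, and keep the setting on every reader that touches request data, since a single reader created with defaults is enough for the query to flag.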
