I got an XML External Entity Injection security warning on line 4 in a Fortify report. I have no idea how to fix it. I'm quite new to SOAP, JAXB, and Marshaller.
1 private TargetObject convert( ResponseEntity<String> response ) throws JAXBException{
2 JAXBContext jaxbContext = JAXBContext.newInstance( TargetObject.class );
3 Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
4 StringReader reader = new StringReader( Objects.requireNonNull( response.getBody() ) ); // line 4 flagged by Fortify: the body is parsed by unmarshal() with no XXE protection
5 TargetObject targetObject = (TargetObject) unmarshaller.unmarshal( reader ); // cast must match the declared type (was ArrayOfOrderList)
6 return targetObject;
7 }
line 4 (XML External Entity Injection) High
Issue Details
Kingdom: Input Validation and Representation
Scan Engine: SCA (Semantic)
Sink Details
Sink: unmarshal()
Thanks in advance!
I recommend you read the OWASP XXE Prevention Cheat Sheet. This will get you the solution.
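The cheat sheet's JAXB guidance, worked through against the question's `convert` method as an added example (this is not the answerer's code and not part of the original post). It assumes Spring's `ResponseEntity`, the `javax.xml.bind` package name, and a hypothetical `TargetObject` defined inline so the file compiles; the `disallow-doctype-decl` feature URI and the SAX entity features are the standard Xerces/SAX identifiers the cheat sheet names.

```java
import java.io.StringReader;
import java.util.Objects;

import javax.xml.XMLConstants;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.sax.SAXSource;

import org.springframework.http.ResponseEntity;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;

public class SafeJaxbConverter {

    // Hypothetical stand-in for the question's TargetObject, only so this file compiles.
    @XmlRootElement(name = "target")
    public static class TargetObject {
        public String name;
    }

    // JAXBContext is thread-safe and costly to build; create it once, not on every call.
    private static final JAXBContext JAXB_CONTEXT;
    static {
        try {
            JAXB_CONTEXT = JAXBContext.newInstance(TargetObject.class);
        } catch (JAXBException e) {
            throw new ExceptionInInitializerError(e);
        }
    }

    // The Unmarshaller itself has no XXE switch: the XML parser that feeds it must be hardened.
    private static XMLReader hardenedReader() throws ParserConfigurationException, SAXException {
        SAXParserFactory spf = SAXParserFactory.newInstance();
        // Primary defence: reject any <!DOCTYPE>. With no DTD there are no entity
        // declarations, so external entities and entity expansion are both impossible.
        spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth, should a parser implementation ignore the feature above.
        spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        spf.setXIncludeAware(false);
        return spf.newSAXParser().getXMLReader();
    }

    public TargetObject convert(ResponseEntity<String> response) throws JAXBException {
        String body = Objects.requireNonNull(response.getBody(), "empty response body");
        try {
            // Wrap the hardened reader in a SAXSource so JAXB parses through it, not its default parser.
            SAXSource source = new SAXSource(hardenedReader(), new InputSource(new StringReader(body)));
            Unmarshaller unmarshaller = JAXB_CONTEXT.createUnmarshaller();
            // The declared-type overload returns a typed JAXBElement, so no cast is needed.
            JAXBElement<TargetObject> element = unmarshaller.unmarshal(source, TargetObject.class);
            return element.getValue();
        } catch (ParserConfigurationException | SAXException e) {
            throw new JAXBException("could not build a hardened XML parser", e);
        }
    }

    public static void main(String[] args) throws Exception {
        SafeJaxbConverter converter = new SafeJaxbConverter();

        // Constructed sample response: parses normally.
        String plain = "<target><name>order-1</name></target>";
        System.out.println(converter.convert(ResponseEntity.ok(plain)).name);

        // Constructed sample carrying a DOCTYPE (even a harmless internal one): the parser
        // rejects it before JAXB sees any content, which is the fail-closed behaviour we want.
        String withDoctype = "<!DOCTYPE target [<!ENTITY n \"x\">]><target><name>&n;</name></target>";
        try {
            converter.convert(ResponseEntity.ok(withDoctype));
        } catch (JAXBException e) {
            System.out.println("rejected: " + e.getCause());
        }
    }
}
```

The key change is that `unmarshal()` is handed a `SAXSource` built from a parser you configured, instead of a bare `StringReader` that lets JAXB pick a default parser with DTD processing on. The cheat sheet's alternative is an `XMLInputFactory` with `SUPPORT_DTD` and `IS_SUPPORTING_EXTERNAL_ENTITIES` set to `false`, passed to `unmarshal(XMLStreamReader, Class)`; either way the sink Fortify flagged now sits behind a parser that cannot resolve entities. On Java 11 and later, or Jakarta EE 9+, the package is `jakarta.xml.bind` rather than `javax.xml.bind`; the configuration is otherwise identical.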