Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
sp_Search Search
Advanced Search
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Search Search
Go to Bottom
No permission to create posts
sp_Feed Topic RSS sp_TopicIcon
XmlElement containing DOCTYPE
April 12, 2019
13:02, EEST
Avatar
reinhard
Member
Members
Forum Posts: 12
Member Since:
December 6, 2016
sp_UserOfflineSmall Offline
Go to Top
1sp_Permalink sp_Print

We transmit XML data to our OPC server via a method, containing a XmlElement parameter.

The XML data also contains a DOCTYPE, so we are getting error messages like this:
“DOCTYPE is disallowed when the feature “http://apache.org/xml/features/disallow-doctype-decl” set to true. “

How can we set “http://apache.org/xml/features/disallow-doctype-decl” to “false” ?

April 12, 2019
14:40, EEST
Avatar
Bjarne Boström
Moderator
Moderators
Forum Posts: 1026
Member Since:
April 3, 2012
sp_UserOfflineSmall Offline
Go to Top
2sp_EditHistory sp_Permalink sp_Print

Hi,

This has been intentionally disabled due to prevent attacks: https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.md#java (starting from https://downloads.prosysopc.com/opcua/Prosys_OPC_UA_Java_SDK_3_Release_Notes.html#version-3-1-4)

Therefore I highly recommend not to allow that and fix the client sending the data to not send that. If you are sure data only comes from trusted sources (and that they got it from trusted sources etc.), this should allow it:

XMLFactoryCache.getDocumentBuilderFactory().setFeature(“http://apache.org/xml/features/disallow-doctype-decl”, false);

You might need to do others as well (see the owasp site linked above). Do this at the start of main before interacting with SDK code.

No permission to create posts
sp_Feed All RSS
Go to top
Forum Timezone: Europe/Helsinki

Most Users Ever Online: 1919

Currently Online:
9 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

Heikki Tahvanainen: 402

hbrackel: 144

rocket science: 88

pramanj: 86

Francesco Zambon: 83

Ibrahim: 78

Sabari: 62

kapsl: 57

gjevremovic: 49

Xavier: 43

Member Stats:

Guest Posters: 0

Members: 736

Moderators: 7

Admins: 1

Forum Stats:

Groups: 3

Forums: 15

Topics: 1524

Posts: 6450

Newest Members:

kristiewinkle8, rust, christamcdowall, redaahern07571, nigelbdhmp, travistimmons, AnnelCib, dalenegettinger, howardkennerley, Thomassnism

Moderators: Jouni Aro: 1026, Pyry: 1, Petri: 0, Bjarne Boström: 1026, Jimmy Ni: 26, Matti Siponen: 346, Lusetti: 0

Administrators: admin: 1