XML Injection (Blind XPath Injection)
Description
XSLT style sheets are not passive data: they can carry executable behavior (extension functions, external document loading). Therefore, if an attacker can control the content or the source of a style sheet that the application applies, they may be able to trigger remote code execution.
Examples
Insecure Code

```java
// userInput is attacker-controlled: whatever style sheet it names is loaded and executed
TransformerFactory factory = TransformerFactory.newInstance();
factory.newTransformer(new StreamSource(new File(userInput)));
```

Secure Code

```java
// sanitizedInput has been validated against the set of style sheets the application ships
TransformerFactory factory = TransformerFactory.newInstance();
factory.newTransformer(new StreamSource(new File(sanitizedInput)));
```

Remediation
Validate and sanitize user-controlled input used in XML style sheets to prevent malicious behavior.
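As an added example (not code from the original rule page), the following Java helper shows one way to carry out this remediation: the user never supplies a path, only a key that is looked up in a fixed allow-list of style sheets the application ships, and the `TransformerFactory` is hardened so that the chosen style sheet cannot pull in external resources or call extension functions. The class name, the allow-list entries and the `/opt/app/xslt` directory are assumptions chosen for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamSource;

/** Hypothetical helper: resolves a user-supplied key to an allow-listed style sheet. */
public final class SafeTransformerLoader {

    // Constructed allow-list (placeholder directory and file names):
    // user-facing keys map to style sheets bundled with the application.
    private static final File STYLESHEET_DIR = new File("/opt/app/xslt");
    private static final Map<String, String> ALLOWED_STYLESHEETS = Map.of(
        "invoice", "invoice.xsl",
        "report",  "report.xsl"
    );

    private SafeTransformerLoader() {}

    /** Returns a Transformer for the allow-listed style sheet behind userKey, or throws. */
    public static Transformer load(String userKey)
            throws TransformerConfigurationException, IOException {
        // 1. Allow-list lookup: anything not in the map is rejected outright.
        String fileName = ALLOWED_STYLESHEETS.get(userKey);
        if (fileName == null) {
            throw new IllegalArgumentException("unknown style sheet key");
        }

        // 2. Defence in depth: the resolved file must still live inside the bundle directory.
        File sheet = new File(STYLESHEET_DIR, fileName).getCanonicalFile();
        if (!sheet.getPath().startsWith(STYLESHEET_DIR.getCanonicalPath() + File.separator)) {
            throw new IllegalArgumentException("style sheet outside bundle directory");
        }

        // 3. Harden the factory before compiling the style sheet.
        TransformerFactory factory = TransformerFactory.newInstance();
        // Secure processing makes the JDK engine refuse extension functions and apply resource limits.
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Empty protocol list: xsl:import, xsl:include and document() may not reach external locations.
        factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");

        return factory.newTransformer(new StreamSource(sheet));
    }

    public static void main(String[] args) throws Exception {
        // Expected: "invoice" resolves; a path-like key is rejected before any file is touched.
        Transformer ok = load("invoice");
        System.out.println("loaded: " + (ok != null));
        try {
            load("../../etc/passwd");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The allow-list is the control that closes the finding: validating characters in a path is fragile, while a lookup from a fixed key set leaves the attacker no way to name a file at all. The `XMLConstants` attributes are honoured by the JDK's built-in factory; a third-party `TransformerFactory` may throw `IllegalArgumentException` for attributes it does not recognise, so check its own documentation for the equivalent settings.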
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0081 |
| Category | Injection |
| Severity | MEDIUM |
| CWE | CWE-91 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | xml, xslt, injection |
| OWASP | N/A |