修复“xml 外部实体引用限制不当”的最佳方法是什么?
[英]What is the best way to fix “Improper Restriction of xml external entity reference”?
问题描述
We recently run VeraCode that points out on the following method:
我们最近运行了 VeraCode,它指出了以下方法:
public XmlElement RunProcedureXmlElement(string Procedure, List<SqlParameter> Parameters)
{
DataSet ds = RunProcedureDataSet(Procedure, Parameters);
XmlDocument xmlDoc = new XmlDocument();
StringBuilder strXML = new StringBuilder();
foreach (DataTable dt in ds.Tables)
{
foreach (DataRow dr in dt.Rows)
{
strXML.Append(dr[0]); // Do I still need .ToString()???
}
}
if (strXML.Length == 0) strXML.Append("<root total=\"0\"></root>");
try
{
xmlDoc.LoadXml(strXML.ToString());
}
catch (XmlException e)
{
}
return xmlDoc.DocumentElement;
}
What would be a good solution to fix that method so VeraCode stops complaining?什么是修复该方法的好解决方案,以便 VeraCode 停止抱怨?
Thank's谢谢
4 个解决方案
解决方案1
5 2015-12-17 18:37:27
I also had the same issue with Veracode, and the following resolved it.我在 Veracode 上也遇到了同样的问题,以下解决了它。
After declaring XmlReader :声明XmlReader :
XmlDocument xmlDoc = new XmlDocument();
Add line:添加行:
xmlDoc.XmlResolver = null;
解决方案2
3 2014-02-24 14:40:25
After doing some research, this piece of code should fix it:经过一番研究,这段代码应该修复它:
using (System.IO.MemoryStream stream = new System.IO.MemoryStream (Encoding.Default.GetBytes(strXML.ToString())))
{
XmlReaderSettings settings = new XmlReaderSettings();
settings.DtdProcessing = DtdProcessing.Prohibit;
using (XmlReader reader = XmlReader.Create(stream, settings))
{
try
{
xmlDoc.Load(reader);
}
catch(XmlException e)
{
}
}
}
解决方案3
2 2018-06-08 08:41:44
I used following example to solve this issues我用下面的例子来解决这个问题
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.XmlResolver = null;
xmlDoc.LoadXml(strXML.ToString());
解决方案4
2 2020-09-10 08:53:05
根据 VS2017 IDE 建议,您可以通过以下方式更正:
XmlDocument xmlDoc = new XmlDocument { XmlResolver = null };
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.