
Commit 17288ab

Disable XXE when parsing Qualys reports (#2539)
1 parent ba0e2aa commit 17288ab


2 files changed

+2
-2
lines changed


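--- a/dojo/tools/qualys/parser.py
+++ b/dojo/tools/qualys/parser.py
@@ -229,7 +229,7 @@ def issue_r(raw_row, vuln):
 
 
 def qualys_parser(qualys_xml_file):
-parser = etree.XMLParser(remove_blank_text=True, no_network=True, recover=True)
+parser = etree.XMLParser(resolve_entities=False, remove_blank_text=True, no_network=True, recover=True)
 d = etree.parse(qualys_xml_file, parser)
 r = d.xpath('//ASSET_DATA_REPORT/HOST_LIST/HOST')
 master_list = []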
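Review bot: No regression test accompanies the new `resolve_entities=False` argument in `qualys_parser`, and the same holds for `qualys_webapp_parser` in dojo/tools/qualys_webapp/parser.py, since the commit touches only the two parser files. A unit test that feeds each parser a small report declaring an internal entity, and asserts that the entity's replacement text appears in no finding, would keep the setting from being dropped in a later refactor. With resolution off, lxml keeps entity references in the tree as entity nodes, so an element's `.text` can stop at the reference; the field extraction further down the function is outside this hunk and should presumably be checked for that. A comment above the line such as `# resolve_entities=False: do not expand DTD entities from the uploaded report (XXE)` would record why the argument is there.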

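--- a/dojo/tools/qualys_webapp/parser.py
+++ b/dojo/tools/qualys_webapp/parser.py
@@ -140,7 +140,7 @@ def issue_r(raw_row, vuln, test, issueType):
 
 
 def qualys_webapp_parser(qualys_xml_file, test):
-parser = etree.XMLParser(remove_blank_text=True, no_network=True, recover=True)
+parser = etree.XMLParser(resolve_entities=False, remove_blank_text=True, no_network=True, recover=True)
 d = etree.parse(qualys_xml_file, parser)
 
 right = d.xpath('/WAS_WEBAPP_REPORT/RESULTS/WEB_APPLICATION/VULNERABILITY_LIST/VULNERABILITY')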
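Review bot: The hardened `etree.XMLParser(...)` argument list in `qualys_webapp_parser` is a verbatim copy of the one in dojo/tools/qualys/parser.py, so the two can drift apart on the next change. Consider one shared helper that returns the configured parser and is called from both importers, so the entity and network settings are decided in a single place. `recover=True` is kept here as well; because it makes lxml accept malformed documents instead of raising, a comment stating why Qualys exports need it would help the next reader.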
