I referred to Prevent XXE Attack with JAXB (this link), but the Kiuwan tool is still showing very high vulnerabilities on the
xif.createXMLStreamReader(soapHeader.getSource())
line, so please help me if anyone knows.
My code is like the one below:
// Get the SOAP header of the incoming CXF message
SoapHeader soapHeader = ((SoapMessage) message).getSoapHeader();
// StAX factory used to read the header before JAXB unmarshalling
XMLInputFactory xif = XMLInputFactory.newFactory();
// Do not resolve external entities and do not process DTDs
xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);
// Line flagged by the scanner
XMLStreamReader soapHeaderXsr = xif.createXMLStreamReader(soapHeader.getSource());
unmarshaller.unmarshal(soapHeaderXsr);
Thanks.
I resolved this problem by adding an extra XMLInputFactory property, which is:
xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);
The safest way to prevent XXE is always to disable DTDs (external entities) completely.
Set the DTD property to false; for more information refer to this link.
Now my code's vulnerabilities are solved.
Thank you
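As an added, stand-alone example (not code from the question or the answer above, and not using CXF's SoapMessage), the following program builds the XMLInputFactory the answer recommends and checks it against a constructed probe document. The class and method names are hypothetical; the factory and property names are standard StAX (javax.xml.stream) and the program runs on the JDK's built-in implementation with no extra dependencies. The probe only declares a harmless internal entity that expands to a marker string, which is enough to show whether DTD-defined entities reach the application.

```java
import java.io.StringReader;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class HardenedStaxDemo {

    // Factory configured the way the answer above recommends: no DTD
    // processing and no external entity resolution (hypothetical helper).
    public static XMLInputFactory hardenedFactory() {
        XMLInputFactory xif = XMLInputFactory.newFactory();
        // With no DTD the document cannot declare entities at all, so neither
        // external entities nor entity-expansion bombs can be defined.
        xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        // Defence in depth: even if a DTD were processed, never fetch
        // external entities.
        xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        return xif;
    }

    // Collect the character content of the document into one string,
    // letting the parser's own XMLStreamException propagate to the caller.
    public static String readText(XMLInputFactory xif, String xml) throws XMLStreamException {
        XMLStreamReader reader = xif.createXMLStreamReader(new StringReader(xml));
        try {
            StringBuilder sb = new StringBuilder();
            while (reader.hasNext()) {
                int event = reader.next();
                if (event == XMLStreamConstants.CHARACTERS || event == XMLStreamConstants.CDATA) {
                    sb.append(reader.getText());
                }
            }
            return sb.toString();
        } finally {
            reader.close();
        }
    }

    // True when the given factory neutralised the entity in the probe: either
    // the parser rejected the input outright, or the entity's expansion never
    // appeared in the text the application would see.
    public static boolean probeIsNeutralised(XMLInputFactory xif, String xml, String expansion) {
        try {
            String text = readText(xif, xml);
            return !text.contains(expansion);
        } catch (XMLStreamException rejected) {
            return true;
        }
    }

    public static void main(String[] args) {
        // Constructed sample document: an internal entity that expands to a
        // marker string. The check is the same for any DTD-declared entity.
        String marker = "ENTITY-EXPANDED";
        String probe = "<?xml version=\"1.0\"?>"
                + "<!DOCTYPE h [<!ENTITY probe \"" + marker + "\">]>"
                + "<h>&probe;</h>";

        System.out.println("default factory neutralised probe:  "
                + probeIsNeutralised(XMLInputFactory.newFactory(), probe, marker));
        System.out.println("hardened factory neutralised probe: "
                + probeIsNeutralised(hardenedFactory(), probe, marker));
    }
}
```

The two printed lines make the difference visible: a factory straight from XMLInputFactory.newFactory() processes the DTD and hands the expanded entity text to the application, while the hardened factory either rejects the document or leaves the entity unexpanded (the exact behaviour depends on the StAX implementation on the classpath, which is why the check accepts both outcomes). A unit test built on probeIsNeutralised is a cheap way to keep the configuration from regressing when someone later replaces or reconfigures the factory.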