csharp.lang.security.xxe.xmldocument-unsafe-parser-override.xmldocument-unsafe-parser-override
semgrep
Author
unknown
XmlDocument found with its XmlResolver set to an XmlUrlResolver before a string argument from a public method is loaded. An XmlUrlResolver fetches the external DTD and external entities a document references, so this may cause XML External Entity (XXE) injection if supplied with user-controllable data.
Definition
rules:
  - id: xmldocument-unsafe-parser-override
    mode: taint
    pattern-sources:
      - patterns:
          - focus-metavariable: $ARG
          - pattern-inside: |
              public $T $M(...,string $ARG,...){...}
    pattern-sinks:
      - patterns:
          - pattern: |
              $XMLDOCUMENT.$METHOD(...)
          - pattern-inside: |
              XmlDocument $XMLDOCUMENT = new XmlDocument(...);
              ...
              $XMLDOCUMENT.XmlResolver = new XmlUrlResolver(...);
              ...
    message: >-
      XmlDocument found with its XmlResolver set to an XmlUrlResolver before a
      string argument from a public method is loaded. An XmlUrlResolver fetches
      the external DTD and external entities a document references, so this may
      cause XML External Entity (XXE) injection if supplied with
      user-controllable data.
    languages:
      - csharp
    severity: WARNING
    metadata:
      category: security
      references:
        - https://www.jardinesoftware.net/2016/05/26/xxe-and-net/
        - https://docs.microsoft.com/en-us/dotnet/api/system.xml.xmldocument.xmlresolver?view=net-6.0#remarks
      technology:
        - .net
        - xml
      cwe:
        - "CWE-611: Improper Restriction of XML External Entity Reference"
      owasp:
        - A04:2017 - XML External Entities (XXE)
        - A05:2021 - Security Misconfiguration
      cwe2022-top25: true
      cwe2021-top25: true
      subcategory:
        - vuln
      impact: MEDIUM
      likelihood: LOW
      confidence: MEDIUM
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - XML Injection
Examples
xmldocument-unsafe-parser-override.cs
using System;
using System.Xml;

public class Foo
{
    // Flagged: the resolver is switched to XmlUrlResolver, then a string
    // argument of a public method is loaded. Load(string) treats the
    // argument as a URI/path, so external DTDs and entities in that
    // document are fetched by the resolver.
    public void LoadBad(string input)
    {
        XmlDocument xmlDoc = new XmlDocument();
        xmlDoc.XmlResolver = new XmlUrlResolver();
        // ruleid: xmldocument-unsafe-parser-override
        xmlDoc.Load(input);
        Console.WriteLine(xmlDoc.InnerText);
        Console.ReadLine();
    }

    // Flagged: same shape in a static method; the source pattern matches
    // any public method with a string parameter.
    public static void StaticLoadBad(string input)
    {
        XmlDocument xmlDoc = new XmlDocument();
        xmlDoc.XmlResolver = new XmlUrlResolver();
        // ruleid: xmldocument-unsafe-parser-override
        xmlDoc.Load(input);
        Console.WriteLine(xmlDoc.InnerText);
        Console.ReadLine();
    }

    // Not flagged: XmlResolver is never assigned. This is only safe where
    // the default resolver is null (.NET Framework 4.5.2 and later, .NET
    // Core/.NET 5+); on older .NET Framework the default is an
    // XmlUrlResolver and this method is just as exposed as LoadBad.
    public void LoadGood(string input)
    {
        XmlDocument xmlDoc = new XmlDocument();
        // ok: xmldocument-unsafe-parser-override
        xmlDoc.Load(input);
        Console.WriteLine(xmlDoc.InnerText);
        Console.ReadLine();
    }
}
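The test file above only shows the shape the rule matches. The following is an added example, not part of the Semgrep rule or its test file, that puts the flagged pattern beside two hardened variants and feeds all three a constructed XXE payload. The secret file, the payload, and the class and method names (`XxeDemo`, `ParseUnsafe`, `ParseNoResolver`, `ParseProhibitDtd`) are assumptions made for this illustration; the runtime APIs (`XmlDocument`, `XmlUrlResolver`, `XmlReaderSettings`, `DtdProcessing`) are the real .NET ones.

```csharp
using System;
using System.IO;
using System.Xml;

// Added example (not the rule's test file). Demonstrates why the
// XmlUrlResolver assignment the rule flags matters, and what to do instead.
public static class XxeDemo
{
    // Constructed payload: a SYSTEM entity pointing at a local file. The
    // file is a temp file this program writes itself so the demo is
    // self-contained; on a real host it could be any readable file.
    public static string BuildPayload(string secretPath)
    {
        string uri = new Uri(secretPath).AbsoluteUri; // file:///... form
        return "<?xml version=\"1.0\"?>" +
               "<!DOCTYPE doc [<!ENTITY xxe SYSTEM \"" + uri + "\">]>" +
               "<doc>&xxe;</doc>";
    }

    // Vulnerable: exactly the shape the rule flags. LoadXml parses with an
    // XmlTextReader, which processes DTDs by default, and the
    // XmlUrlResolver fetches the SYSTEM entity, so the file's contents are
    // spliced into the document and show up in InnerText.
    public static string ParseUnsafe(string xml)
    {
        XmlDocument doc = new XmlDocument();
        doc.XmlResolver = new XmlUrlResolver();
        doc.LoadXml(xml);
        return doc.InnerText;
    }

    // Hardened, variant 1: an explicit null resolver. The DTD is still
    // parsed, but there is nothing to fetch the external entity with, so
    // it contributes no text. This does not stop internal-entity expansion
    // (billion laughs); prefer variant 2 when DTDs are not needed.
    public static string ParseNoResolver(string xml)
    {
        XmlDocument doc = new XmlDocument();
        doc.XmlResolver = null;
        doc.LoadXml(xml);
        return doc.InnerText;
    }

    // Hardened, variant 2: refuse DTDs altogether. A reader created with
    // DtdProcessing.Prohibit throws XmlException as soon as it meets a
    // DOCTYPE, before any entity can be declared or resolved.
    public static string ParseProhibitDtd(string xml)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit,
            XmlResolver = null
        };
        using (XmlReader reader = XmlReader.Create(new StringReader(xml), settings))
        {
            XmlDocument doc = new XmlDocument();
            doc.XmlResolver = null;
            doc.Load(reader);
            return doc.InnerText;
        }
    }

    private static void Run(string label, Func<string, string> parse, string payload)
    {
        try
        {
            Console.WriteLine(label + ": InnerText = \"" + parse(payload) + "\"");
        }
        catch (XmlException e)
        {
            Console.WriteLine(label + ": rejected (" + e.Message + ")");
        }
    }

    public static void Main()
    {
        // Constructed secret written to a temp file so the payload has a target.
        string secretPath = Path.GetTempFileName();
        File.WriteAllText(secretPath, "SECRET-FROM-DISK");
        string payload = BuildPayload(secretPath);
        try
        {
            Run("XmlUrlResolver (flagged)", ParseUnsafe, payload);
            Run("XmlResolver = null       ", ParseNoResolver, payload);
            Run("DtdProcessing.Prohibit  ", ParseProhibitDtd, payload);
        }
        finally
        {
            File.Delete(secretPath);
        }
    }
}
```

Two points the rule itself does not capture. First, the page's test file calls `Load(string)`, which treats its argument as a URI or path, so a caller controls which file or URL is opened independently of any entity handling; `LoadXml` is used here so the tainted string is the document content, which is the XXE case. Second, the sink requires the `new XmlDocument(...)` and the `XmlResolver = new XmlUrlResolver(...)` assignment to sit in the same method as the load: a resolver assigned in a constructor, a field initialiser, or a helper that returns a pre-configured document is not matched, and the absence of the assignment is only "ok" on runtimes whose default resolver is null.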
Short Link: https://sg.run/k98P