IllegalArgumentException: Not supported when implement sonarqube solution for "XML parsers should not be vulnerable to XXE attacks"

1.5k Views Asked by Marco R. At 12 April 2025 at 18:05

I've this sonarqube issue in my java project: Disable access to external entities in XML parsing. I've implemented the compliant solution that is like this:

TransformerFactory transformerFactory = TransformerFactory.newInstance();
transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");

but now when i debug the code i've this exception:

java.lang.IllegalArgumentException: Not supported: http://javax.xml.XMLConstants/property/accessExternalDTD

what am I doing wrong?

Original Q&A

There are 1 best solutions below

bhanu prakash On 15 March 2021 at 16:48

The implementation of Transformer Factory in your application may not support the properties XMLConstants.ACCESS_EXTERNAL_DTD and XMLConstants.ACCESS_EXTERNAL_STYLESHEET.

You can try creating instance of Transformer Factory in this way :

TransformerFactory transformerFactory = new com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl();
transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");

instead of your actual code :

TransformerFactory transformerFactory = TransformerFactory.newInstance();
transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");

IllegalArgumentException: Not supported when implement sonarqube solution for "XML parsers should not be vulnerable to XXE attacks"

There are 1 best solutions below

Related Questions in JAVA

Related Questions in SONARQUBE

Related Questions in ILLEGALARGUMENTEXCEPTION

Related Questions in XXE

Trending Questions

Popular # Hahtags

Popular Questions