HP Fortify has shown that some boiler plate code for .NET Web API 2 could be susceptible to External entity injection with xml.
the code in question looks like this
if (documentPath == null)
{
throw new ArgumentNullException("documentPath");
}
XPathDocument xpath = new XPathDocument(documentPath); // badness here
_documentNavigator = xpath.CreateNavigator();
Can anyone shed some like on how to resolve this??