Java Xslt Processor Insecure Config
Description
Detects instances where XSLT transformers are created without proper security configuration in Java applications. When XSLT transformers are created with default settings, they may resolve external entities and load external stylesheets, potentially leading to XXE attacks or remote code execution through a malicious XSLT document.
Detection Strategy
• Check whether javax.xml related packages are imported in the source file
• Look for calls to the newTransformer() method, which creates XSLT transformer instances
• Verify whether the transformer creation is not followed by appropriate security settings or restrictions
• Report a vulnerability if the transformer is created with the potentially unsafe default configuration
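The four steps above as a small Python scanner. This is an added example, not Fluid Attacks' own rule implementation; it assumes the hardening is applied to the factory through setFeature/setAttribute before newTransformer() is called, and it runs over a constructed Java sample embedded in the script.

```python
import re

# Constructed sample input (not from any real project): a transformer built
# from untrusted XSLT with factory defaults; the hardened variant is derived.
VULNERABLE_SRC = """\
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamSource;
import java.io.StringReader;
public class VulnerableXSLT {
    public void process(String untrustedXslt) throws Exception {
        TransformerFactory factory = TransformerFactory.newInstance();
        factory.newTransformer(new StreamSource(new StringReader(untrustedXslt)));
    }
}
"""
HARDENING = """\
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
"""
SECURE_SRC = "import javax.xml.XMLConstants;\n" + VULNERABLE_SRC.replace(
    "        factory.newTransformer", HARDENING + "        factory.newTransformer")

XML_IMPORT = re.compile(r"^\s*import\s+javax\.xml\.", re.MULTILINE)
NEW_TRANSFORMER = re.compile(r"\bnewTransformer\s*\(")
# Each control must be applied to the factory before newTransformer() runs.
CONTROLS = {
    "FEATURE_SECURE_PROCESSING": re.compile(
        r'setFeature\s*\(\s*XMLConstants\.FEATURE_SECURE_PROCESSING\s*,\s*true\s*\)'),
    "ACCESS_EXTERNAL_DTD": re.compile(
        r'setAttribute\s*\(\s*XMLConstants\.ACCESS_EXTERNAL_DTD\s*,\s*""\s*\)'),
    "ACCESS_EXTERNAL_STYLESHEET": re.compile(
        r'setAttribute\s*\(\s*XMLConstants\.ACCESS_EXTERNAL_STYLESHEET\s*,\s*""\s*\)'),
}

def find_insecure_transformers(java_src):
    """Return [(line, [missing controls])] for every newTransformer() call in a
    javax.xml-using file that is not preceded by all three hardening calls."""
    if not XML_IMPORT.search(java_src):          # step 1: javax.xml imported?
        return []
    findings = []
    for call in NEW_TRANSFORMER.finditer(java_src):   # step 2: find the calls
        preceding = java_src[:call.start()]
        missing = [name for name, pat in CONTROLS.items()
                   if not pat.search(preceding)]       # step 3: controls set?
        if missing:                                    # step 4: report
            findings.append((preceding.count("\n") + 1, missing))
    return findings
```

The check is file-level and textual, so it cannot tell two factory variables apart; it is meant to show the rule's logic, not to replace a real analyzer.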
Vulnerable code example
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamSource;
import java.io.StringReader;
public class VulnerableXSLT {
    public void process(String untrustedXslt) throws Exception {
        TransformerFactory factory = TransformerFactory.newInstance();
        // Vulnerable: creates a transformer from untrusted XSLT without security controls
        factory.newTransformer(new StreamSource(new StringReader(untrustedXslt)));
    }
}
✅ Secure code example
import javax.xml.XMLConstants;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamSource;
import java.io.StringReader;
public class SecureXSLT {
    public void process(String untrustedXslt) throws Exception {
        TransformerFactory factory = TransformerFactory.newInstance();
        // Secure: enable secure processing and block external DTD and stylesheet access
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        factory.newTransformer(new StreamSource(new StringReader(untrustedXslt)));
    }
}