Recommended mitigation:
Replace this dangerous code:
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.isIgnoringElementContentWhitespace();
DocumentBuilder builder = factory.newDocumentBuilder();
edegula
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <xsl:stylesheet | |
| xmlns:xsl="http://www.w3.org/1999/XSL/Transform" | |
| version="2.0"> | |
| <xsl:template match="@*|node()"> | |
| <xsl:copy> | |
| <xsl:apply-templates select="@*|node()"/> | |
| </xsl:copy> | |
| </xsl:template> | |
treyturner
/ parseUri.groovy
Last active
April 9, 2020 09:30
Groovy: Parse a URL while including a handy map of the query string
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Created by tturner on 7/22/15. | |
| */ | |
| import groovy.json.* | |
| static def parseQueryString(String string) { | |
| string.split('&').collectEntries{ param -> | |
| param.split('=', 2).collect{ URLDecoder.decode(it, 'UTF-8') } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import java.util.zip.* | |
| String zipFileName = "file.zip" | |
| String inputDir = "logs" | |
| def outputDir = "zip" | |
| //Zip files | |
| ZipOutputStream zipFile = new ZipOutputStream(new FileOutputStream(zipFileName)) | |
| new File(inputDir).eachFile() { file -> |
rtyler
/ upload-to-azure.sh
Created
January 4, 2018 19:22
A bash script which supports uploading blobs to Azure Storage: ./upload-to-azure.sh [filename]
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| FILENAME=${1} | |
| # expected to be defined in the environment | |
| # - AZURE_STORAGE_ACCOUNT | |
| # - AZURE_CONTAINER_NAME | |
| # - AZURE_ACCESS_KEY | |
| # inspired by |
AlainODea
/ DocumentBuilderFactory_XXE_mitigation.md
Last active
May 17, 2021 02:45
DocumentBuilderFactory that mitigates XXE using OWASP guidance