
Commit ffefb83

authored
Merge pull request #118 from yuri-lucena/correcao-de-falha-xxe
Correção de vulnerabilidade XXE
2 parents 0394c22 + 5e0ade9 commit ffefb83


3 files changed

+15
-3
lines changed


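--- a/CTe.Utils/Validacao/Validador.cs
+++ b/CTe.Utils/Validacao/Validador.cs
@@ -22,9 +22,13 @@ public static void Valida(string xml, string schema, ConfiguracaoServico configu
 // Define o tipo de validação
 var cfg = new XmlReaderSettings { ValidationType = ValidationType.Schema };
 
+// Previne ataques XXE: nao permite resolver recursos externos
+cfg.DtdProcessing = DtdProcessing.Prohibit;
+cfg.XmlResolver = null;
+
 // Carrega o arquivo de esquema
 var schemas = new XmlSchemaSet();
-schemas.XmlResolver = new XmlUrlResolver();
+schemas.XmlResolver = null;
 
 cfg.Schemas = schemas;
 // Quando carregar o schema, especificar o namespace que ele valida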
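Review bot: `schemas.XmlResolver = null;` also stops the `XmlSchemaSet` from following `xs:include` and `xs:import` references, so if the XSD loaded after this hunk pulls in other schema files by `schemaLocation`, schema compilation or validation may fail or cover less than before. The same line appears in the MDFe.Utils and NFe.Utils sections. The schema-loading call and the rest of `Valida` are outside the hunk, so this is inferred; a test that validates one known-valid and one known-invalid document per schema would confirm it. If includes are needed, a resolver restricted to the local schema directory can be set on `schemas` while the document reader keeps `cfg.DtdProcessing = DtdProcessing.Prohibit;` and `cfg.XmlResolver = null;`.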

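--- a/MDFe.Utils/Validacao/Validador.cs
+++ b/MDFe.Utils/Validacao/Validador.cs
@@ -21,9 +21,13 @@ public static void Valida(string xml, string schema, MDFeConfiguracao cfgMdfe =
 // Define o tipo de validação
 var cfg = new XmlReaderSettings { ValidationType = ValidationType.Schema };
 
+// Previne ataques XXE: nao permite resolver recursos externos
+cfg.DtdProcessing = DtdProcessing.Prohibit;
+cfg.XmlResolver = null;
+
 // Carrega o arquivo de esquema
 var schemas = new XmlSchemaSet();
-schemas.XmlResolver = new XmlUrlResolver();
+schemas.XmlResolver = null;
 
 cfg.Schemas = schemas;
 // Quando carregar o eschema, especificar o namespace que ele valida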

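--- a/NFe.Utils/Validacao/Validador.cs
+++ b/NFe.Utils/Validacao/Validador.cs
@@ -123,9 +123,13 @@ public static string[] Valida(ServicoNFe servicoNFe, VersaoServico versaoServico
 // Define o tipo de validação
 var cfg = new XmlReaderSettings { ValidationType = ValidationType.Schema };
 
+// Previne ataques XXE: nao permite resolver recursos externos
+cfg.DtdProcessing = DtdProcessing.Prohibit;
+cfg.XmlResolver = null;
+
 // Carrega o arquivo de esquema
 var schemas = new XmlSchemaSet();
-schemas.XmlResolver = new XmlUrlResolver();
+schemas.XmlResolver = null;
 
 cfg.Schemas = schemas;
 // Quando carregar o eschema, especificar o namespace que ele valida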
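Review bot: The hardening lines added here (`cfg.DtdProcessing = DtdProcessing.Prohibit;`, `cfg.XmlResolver = null;`, `schemas.XmlResolver = null;`) are repeated verbatim in the CTe.Utils and MDFe.Utils `Validador.cs` sections, so any later change to the parser settings has to be made in three places and can drift. If the three projects already reference a common assembly, one helper that returns the hardened `XmlReaderSettings` would keep them aligned. The added comment could also say what each setting does, for example `// DtdProcessing.Prohibit rejects any DOCTYPE; XmlResolver = null blocks fetching external resources`. The creation of the reader from these settings is outside the hunk, so confirm no other path parses the same input with default settings.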
