Skip to content

Semgrep Rule Fix #2595

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Akhil-gi wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Semgrep Rule Fix #2595

Akhil-gi wants to merge 2 commits into from
+3 −0

Conversation

@Akhil-gi
Copy link

@Akhil-gi Akhil-gi commented Feb 3, 2026

We have used our AI-Guardian( https://ai-rem-demo.remediation.opsmx.net) product to identify and remediate a Semgrep rule violation

Pull Request — Semgrep Rule Fix
Rule ID: transformerfactory-dtds-not-disabled
Rule Message: DOCTYPE declarations are enabled for this TransformerFactory. This is vulnerable to XML external entity attacks. Disable this by setting the attributes "accessExternalDTD" and "accessExternalStylesheet" to "".
File Path: /tools/scanResult/unzipped-2878896019/jme3-plugins/src/xml/java/com/jme3/export/xml/XMLExporter.java
Line: 100

root and others added 2 commits February 3, 2026 05:27
fix: transformerfactory-dtds-not-disabled-100
b1ec1bd
@Akhil-gi
Merge pull request #9 from Akhil-gi/fix/semgrep-transformerfactory-dt…
8fd2266 
…ds-not-disabled-100-s0PY9atwi3

fix: semgrep-transformerfactory-dtds-not-disabled
codex128
codex128 requested changes Feb 3, 2026
View reviewed changes
Copy link
Contributor

@codex128 codex128 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change causes an exception when using XMLExporter:

SEVERE: Uncaught exception thrown in Thread[#44,jME3 Main,5,main]
java.lang.IllegalArgumentException: TransformerFactory does not recognise attribute 'accessExternalDTD'.
	at java.xml/com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl.setAttribute(TransformerFactoryImpl.java:542)
	at com.jme3.export.xml.XMLExporter.save(XMLExporter.java:100)
	at com.jme3.export.xml.XMLExporter.save(XMLExporter.java:125)
	at com.jme3.export.JmeExporter.save(JmeExporter.java:62)
	at jme3test.export.TestIssue2068.simpleInitApp(TestIssue2068.java:104)
	at com.jme3.app.SimpleApplication.initialize(SimpleApplication.java:246)
	at com.jme3.system.lwjgl.LwjglAbstractDisplay.initInThread(LwjglAbstractDisplay.java:142)
	at com.jme3.system.lwjgl.LwjglAbstractDisplay.run(LwjglAbstractDisplay.java:224)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@codex128 codex128 codex128 requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Akhil-gi @codex128