mirror of
https://github.com/google/nomulus
synced 2026-07-06 00:04:50 +00:00
eda0f7ad7c
Configure a throwing XMLResolver on XMLInputFactory in XmlTransformer to act as an additional defense-in-depth security layer against XML External Entity (XXE) and entity expansion/resolution attacks. This prevents resolution of external and internal entities in StAX parsing pipelines, ensuring that malformed payloads containing entity definitions are safely blocked and rejected. Also add a unit test to EppXmlSanitizerTest verifying that EPP messages containing DTD and external entities fail parsing and fall back safely to their Base64 representation. TAG=agy CONV=610c2358-a99f-4605-94cd-ff0d4ee08176 BUG= http://b/529387728