RAT-560: changes to reduce XXE exposure #679
Merged
Conversation
Contributor:
@Claudenw having a look at the coverage report, I wonder if it makes sense to add a test that defines a custom stylesheet to transform the report ... or should we just merge the PR? I guess it still wouldn't give us another 4% coverage. WDYT?
ottlinger (Contributor) approved these changes, Jun 17, 2026, and left a comment:
LGTM - added minor changes and a little more test. Thanks for the clarification and for adding protection against XXE attacks in that regard.
Contributor:
@Claudenw the tests seem to be problematic as they have different results in different languages:
Contributor (Author):
@ottlinger I removed the test for the translated text.
Contributor (Author):
@ottlinger Are we good to merge this?
potiuk (Contributor) added a commit to potiuk/creadur-rat that referenced this pull request, Jun 21, 2026:
…d (external entities disabled, apache#679 hardens DOCTYPE), no-network confirmed (XSLT xsl:include caveat), correct archive path-handling (read to memory, no extract-to-disk → no path traversal), Whisker/Tentacles deferred
potiuk added a commit to potiuk/creadur-rat that referenced this pull request, Jun 27, 2026:
…e labels Answers Claudenw's review note (does apache#679 impact the XXE data-flow line?): the §5a/§8 text already records that RAT disables external entities + the apache#679 DOCTYPE hardening, but the data-flow diagram and the input/residual tables still labelled XXE a bare "surface". Annotate those three labels with the mitigation so the diagram is consistent with §5a/§8 apache#2. Generated-by: Claude Opus 4.8 (1M context)
potiuk added a commit to potiuk/creadur-rat that referenced this pull request, Jun 27, 2026:
Consistency with THREAT_MODEL.md (§5a / §8 apache#2): since RAT-560 (apache#679) RAT builds XML parsers via the hardened StandardXmlFactory (DOCTYPE + external entities disabled), so XXE is actively prevented. Lead with that; keep the operator-trusted-config argument as defense-in-depth. Generated-by: Claude Opus 4.8 (1M context)
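The two hardening points the commit messages above refer to (a document parser that rejects DOCTYPE and external entities, and the separate xsl:include caveat on the XSLT side) as an added example written for this page. It is not code from the RAT project or from its StandardXmlFactory; the class and helper names and both sample documents are constructed for illustration, and the feature URIs assume a Xerces-based JAXP implementation such as the JDK's built-in one.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamSource;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public class XxeHardeningDemo {

    // Constructed sample: an inline DOCTYPE declaring an external entity that reads a local file.
    static final String XXE_PAYLOAD =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE r [<!ENTITY xxe SYSTEM \"file:///etc/hostname\">]>\n"
      + "<r>&xxe;</r>";

    // Constructed sample: a stylesheet that pulls in an external file through xsl:include.
    static final String INCLUDE_STYLESHEET =
        "<xsl:stylesheet version=\"1.0\" xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\">"
      + "<xsl:include href=\"file:///etc/passwd\"/>"
      + "</xsl:stylesheet>";

    // Hypothetical helper (not the project's StandardXmlFactory): DOCTYPE and external entities disabled.
    static DocumentBuilderFactory hardenedDocumentBuilderFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Rejecting any DOCTYPE removes inline entity declarations, so XXE and entity-expansion
        // bombs are stopped before an entity is ever resolved. Unknown feature URIs throw
        // ParserConfigurationException, which is the right outcome: fail closed on a non-Xerces parser.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth in case a caller later re-enables DOCTYPE for a trusted schema.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    // Hypothetical helper for the XSLT side. A hardened document parser does nothing for
    // xsl:include / xsl:import / document(): those are resolved by the TransformerFactory,
    // so external access has to be switched off there as well.
    static TransformerFactory hardenedTransformerFactory() throws TransformerConfigurationException {
        TransformerFactory tf = TransformerFactory.newInstance();
        tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Set the access properties explicitly rather than relying on what secure processing
        // happens to default to in a given JDK build. Empty string means "no protocol allowed".
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        return tf;
    }

    public static void main(String[] args) throws Exception {
        // Default factory: the parser tries to open the file named in the entity.
        try {
            Document loose = DocumentBuilderFactory.newInstance().newDocumentBuilder()
                .parse(new InputSource(new StringReader(XXE_PAYLOAD)));
            System.out.println("default parser expanded entity to: "
                + loose.getDocumentElement().getTextContent().trim());
        } catch (Exception e) {
            System.out.println("default parser attempted the read and failed with: " + e);
        }

        // Hardened factory: the DOCTYPE itself is rejected, so no entity is ever resolved.
        DocumentBuilder hardened = hardenedDocumentBuilderFactory().newDocumentBuilder();
        try {
            hardened.parse(new InputSource(new StringReader(XXE_PAYLOAD)));
            System.out.println("UNEXPECTED: hardened parser accepted a DOCTYPE");
        } catch (SAXException e) {
            System.out.println("hardened parser rejected document: " + e.getMessage());
        }

        // Hardened transformer: compiling the stylesheet fails on the external include.
        try {
            hardenedTransformerFactory().newTransformer(
                new StreamSource(new StringReader(INCLUDE_STYLESHEET)));
            System.out.println("UNEXPECTED: xsl:include from file: was allowed");
        } catch (TransformerConfigurationException e) {
            System.out.println("hardened transformer refused external include: " + e.getMessage());
        }
    }
}
```

Run it with `java XxeHardeningDemo.java` on JDK 11 or later. The document-side check is the one a static analyser flags; the transformer-side check is the one it usually misses, and it is worth a unit test of its own, since a report stylesheet supplied by configuration is exactly the input that can carry an xsl:include.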

RAT-560: Static code analysis (also GitHub security scans) brings up potential XXE attacks in our XMLParser configuration: