What is the best way to fix "Improper Restriction of xml external entity reference"?

Question 1

What is the best way to fix "Improper Restriction of xml external entity reference"?

c# .net xml veracode

piterskiy · Feb 21, 2014 · Viewed 8.6k times · Source

Answer

Answer

I also had the same issue with Veracode, and the following resolved it.
After declaring XmlReader:

XmlDocument xmlDoc = new XmlDocument();

Add line:

xmlDoc.XmlResolver = null;

Question 2

We recently run VeraCode that points out on the following method:

    public XmlElement RunProcedureXmlElement(string Procedure, List<SqlParameter> Parameters)
    {
        DataSet ds = RunProcedureDataSet(Procedure, Parameters);
        XmlDocument xmlDoc = new XmlDocument();
        StringBuilder strXML = new StringBuilder();

        foreach (DataTable dt in ds.Tables)
        {
            foreach (DataRow dr in dt.Rows)
            {
                strXML.Append(dr[0]); // Do I still need .ToString()???
            }
        }
        if (strXML.Length == 0) strXML.Append("<root total=\"0\"></root>");

        try
        {
            xmlDoc.LoadXml(strXML.ToString());
        }
        catch (XmlException e)
        {

        }

        return xmlDoc.DocumentElement;
    }

What would be a good solution to fix that method so VeraCode stops complaining?

Thank's

What is the best way to fix "Improper Restriction of xml external entity reference"?

Answer

Related questions