I am having an XXE vulnerability in my code, Improper Restriction of XML External Entity:
TransformerFactory tff = TransformerFactory.newInstance();
Transformer tf = tff.newTransformer();
Source sc = message.getSOAPPart().getContent();
StreamResult result = new StreamResult(System.out);
tf.transform(sc, result);
I have added the below two lines of code (XML parser) to fix the issue, but the fix is still not working.
TransformerFactory tff = TransformerFactory.newInstance();
tff.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); //added
tff.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); //added
Transformer tf = tff.newTransformer();
Source sc = message.getSOAPPart().getContent();
StreamResult result = new StreamResult(System.out);
tf.transform(sc, result);
Anything I missed? Can someone help, please?