Added Test for XXE

[DotDotSlashRepo]

This PR covers issue #8

• This PR handles the issue and requires no additional PRs. Refer TODOs
• You have validated the need for this change.

What did this PR accomplish?

• Added test case for XXE

TODO

1. Edit top level page to link to test case.
2. This test case has overlap with WSTG-INPV-07 , XML injection. WSTG-INPV-07 is to be modified to eliminate duplication.
3. Need to re-order test case, XXE makes more sense to be after XML injection

Thank you for your contribution!

[github-actions]

Following links are broken:
FILE:document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/20-Testing_for_XXE_Injection.md
[✖] https://www.securityfocus.com/archive/1/297714 → Status: 0

[DotDotSlashRepo]

TODO

Edit top level page to link to test case.
This test case has overlap with WSTG-INPV-07 , XML injection. WSTG-INPV-07 is to be modified to eliminate duplication.
Need to re-order test case, XXE makes more sense to be after XML injection

@kingthorin : Can I go ahead with these ?

[kingthorin]

I'm good with you addressing duplicate content.
However re-ordering things should wait until we are headed to 5.x. Currently we are still planning further 4.x releases, so maybe just create an issue and we can assign it to the 5.0 milestone.

[github-actions]

Please comment if you are still working on this PR, as it has been inactive for 30 days. To give everyone a chance to contribute, we are releasing it for new contributors to take over.

[github-actions]

Please comment if you are still working on this PR, as it has been inactive for 30 days. To give everyone a chance to contribute, we are releasing it for new contributors to take over.

[kingthorin]

@DotDotSlashRepo do you intend to finish this?

[kingthorin]

@DotDotSlashRepo do you intend to finish this?

[rejahrehim]

• libxml2: xmlCtxtReadMemory, xmlCtxtUseOptions, xmlParseInNodeContext, xmlReadDoc, xmlReadFd, xmlReadFile, xmlReadIO, xmlReadMemory, xmlCtxtReadDoc, xmlCtxtReadFd, xmlCtxtReadFile, xmlCtxtReadIO

[rejahrehim]

• libxerces-c: XercesDOMParser, SAXParser, SAX2XMLReader

[ThunderSon]

@RiieCco might you have some time to give this a look?

@kingthorin what is still needed for this? I'll be giving this a look as well.

[kingthorin]

Comments from Feb 5th and Rejah’s more recent comments.

[ThunderSon]

Alright. Let's re-review that comment, as that seems to be creating an issue, and is not a blocker right now.
Let's try to recall the exact concern and then move this.
This is a good addition, I'll try to review this ASAP.

[kingthorin]

It was this discussion:

TODO
Edit top level page to link to test case.
This test case has overlap with WSTG-INPV-07 , XML injection. WSTG-INPV-07 is to be modified to eliminate duplication.
Need to re-order test case, XXE makes more sense to be after XML injection

---

I'm good with you addressing duplicate content.
However re-ordering things should wait until we are headed to 5.x. Currently we are still planning further 4.x releases, so maybe just create an issue and we can assign it to the 5.0 milestone.