From ecfa365ff5d8341505fc69f73f3e5d8cd8a9b76f Mon Sep 17 00:00:00 2001 From: Gaetan Ferry Date: Thu, 28 Sep 2023 14:53:30 +0200 Subject: [PATCH] Adding W3C xinclude standard link --- rules/S6373/java/rule.adoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rules/S6373/java/rule.adoc b/rules/S6373/java/rule.adoc index 1062cd3ab3c..02c9d0c9f09 100644 --- a/rules/S6373/java/rule.adoc +++ b/rules/S6373/java/rule.adoc @@ -67,11 +67,12 @@ property to `false`. * OWASP - https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#java[OWASP XXE Prevention Cheat Sheet] * Java documentation - https://docs.oracle.com/en/java/javase/13/security/java-api-xml-processing-jaxp-security-guide.html#GUID-8CD65EF5-D113-4D5C-A564-B875C8625FAC[XML External Entity Injection Attack] +* W3C - https://www.w3.org/TR/xinclude-11/[XML Inclusions (XInclude) Version 1.1] === Standards * OWASP - https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE)[Top 10 2017 - Category A4 - XML External Entities (XXE)] -* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/Top 10 2021 - Category A5 - Security Misconfiguration] +* OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 - Category A5 - Security Misconfiguration] * CWE - https://cwe.mitre.org/data/definitions/611[CWE-611 - Improper Restriction of XML External Entity Reference] * CWE - https://cwe.mitre.org/data/definitions/827[CWE-827 - Improper Control of Document Type Definition]