From 3f807bfa56914d6bf708311b4facdf70e9ac6dde Mon Sep 17 00:00:00 2001
From: Varun Sharma <varunsh@stepsecurity.io>
Date: Tue, 9 May 2023 23:21:01 -0700
Subject: [PATCH] Create external-parameter-entities.java

---
 external-parameter-entities.java | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 external-parameter-entities.java

diff --git a/external-parameter-entities.java b/external-parameter-entities.java
new file mode 100644
index 0000000..08e5f09
--- /dev/null
+++ b/external-parameter-entities.java
@@ -0,0 +1,22 @@
+package example;
+
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.ParserConfigurationException;
+
+
+class GoodDocumentBuilderFactory {
+    public void GoodXMLInputFactory() throws  ParserConfigurationException {
+        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+        //ok:documentbuilderfactory-external-parameter-entities-true
+        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities" , false);
+    }
+}
+
+class BadDocumentBuilderFactory{
+    public void BadXMLInputFactory() throws  ParserConfigurationException {
+        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+        //ruleid:documentbuilderfactory-external-parameter-entities-true
+        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities" , true);
+    }
+}