Info Call to XML parsing API

Description

Improper XML parsing could lead to several vulnerabilities which could to arbitrary file access (External XML Entities injection, XML injection) or denial of service (Billion laughs, quadratic blowup).

Recommendation

This entry is informative, no recommendations applicable.

Technical details

Method android.support.v7.widget.ActivityChooserModel$PersistHistoryAsyncTask.doInBackground() calling method android.util.Xml.newSerializer()

Couldn't retrieve source code

Method com.google.android.exoplayer2.source.dash.manifest.DashManifestParser.a() calling method android.util.Xml.newSerializer()


    protected byte[] a(org.xmlpull.v1.XmlPullParser p7, java.io.ByteArrayOutputStream p8)
    {
        p8.reset();
        org.xmlpull.v1.XmlSerializer v0 = android.util.Xml.newSerializer();
        v0.setOutput(p8, 0);
        p7.nextToken();
        while (!com.google.android.exoplayer2.util.XmlPullParserUtil.g(p7, "Event")) {
            int v3_0 = 0;
            switch (p7.getEventType()) {
                case 0:
                    v0.startDocument(0, Boolean.valueOf(0));
                    break;
                case 1:
                    v0.endDocument();
                    break;
                case 2:
                    v0.startTag(p7.getNamespace(), p7.getName());
                    while (v3_0 < p7.getAttributeCount()) {
                        v0.attribute(p7.getAttributeNamespace(v3_0), p7.getAttributeName(v3_0), p7.getAttributeValue(v3_0));
                        v3_0++;
                    }
                    break;
                case 3:
                    v0.endTag(p7.getNamespace(), p7.getName());
                    break;
                case 4:
                    v0.text(p7.getText());
                    break;
                case 5:
                    v0.cdsect(p7.getText());
                    break;
                case 6:
                    v0.entityRef(p7.getText());
                    break;
                case 7:
                    v0.ignorableWhitespace(p7.getText());
                    break;
                case 8:
                    v0.processingInstruction(p7.getText());
                    break;
                case 9:
                    v0.comment(p7.getText());
                    break;
                case 10:
                    v0.docdecl(p7.getText());
                    break;
                default:
            }
            p7.nextToken();
        }
        v0.flush();
        return p8.toByteArray();
    }

Method tv.freewheel.utils.XMLHandler.createXMLDocument() calling method android.util.Xml.newSerializer()


    public static String createXMLDocument(tv.freewheel.utils.XMLElement p4)
    {
        tv.freewheel.utils.XMLHandler.logger.debug("Create xml document");
        org.xmlpull.v1.XmlSerializer v0_1 = android.util.Xml.newSerializer();
        java.io.StringWriter v1_2 = new java.io.StringWriter();
        v0_1.setOutput(v1_2);
        v0_1.startDocument("UTF-8", Boolean.valueOf(1));
        p4.toXML(v0_1);
        v0_1.endDocument();
        return v1_2.toString();
    }