NFR - Ensure secure parsing of incoming data (XML, JSON, ...) #1679
DanielaWuensch
started this conversation in
Ideas
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Feature Request
Non-functional Requirement (Enabler) - Ensure secure parsing of incoming data (XML, JSON, ...)
As company which operates the EDC, I want to ensure that incoming documents are being parsed securely by the EDC.
DTTs from untrusted Sources should be disabled.
Validate Documents against existing Schemas.
Process incoming XML documents securely (e.g. use XML parser provided by platform, not untrusted sources, protect against excessive resource consumption)
Insecure deserialization must be prohibited.
See Link for guidance:
https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html#java
Which Areas Would Be Affected?
all, including DPF, CI, build, transfer, etc._
Why Is the Feature Desired?
Security Requirement
Solution Proposal
Check that incoming XML documents are processed securely (e.g. use XML parser provided by platform, not untrusted sources, protect against excessive resource consumption)
Insecure deserialization must be prohibited.
See Link for guidance:
https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html#java
Type of Issue
non-functional requirement - enabler
Checklist
Check in place
Beta Was this translation helpful? Give feedback.
All reactions