XXETestMacRemediation.java

import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import java.io.ByteArrayInputStream;

public class XXETestMacRemediation {
    public static void main(String[] args) {
        String xmlData = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
                         "<!DOCTYPE foo [<!ENTITY xxe SYSTEM \"file:///etc/passwd\" >]>" +
                         "<foo>&xxe;</foo>";

        try {
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
	    factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
	    factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
	    DocumentBuilder builder = factory.newDocumentBuilder();
            Document document = builder.parse(new ByteArrayInputStream(xmlData.getBytes()));
            document.getDocumentElement().normalize();
            String content = document.getDocumentElement().getTextContent();
            if(content.length() > 100) {
                content = content.substring(0, 100) + "...";
            }
            System.out.println(content);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}