5 个仓库
General security practices for XML document parsing.
Distinguishing note: Broader than XXE prevention, covering general XML security.
Explore 5 awesome GitHub repositories matching security & cryptography · XML Processing Security. Refine with filters or upvote what's useful.
The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral
Validates and sanitizes XML data to prevent common vulnerabilities associated with document parsing.
This repository is a comprehensive collection of reference implementations and sample libraries for the Universal Windows Platform. It provides practical examples of how to use Windows Runtime APIs to build cross-device applications, including detailed guidance on XAML-based declarative user interfaces and DirectX-integrated rendering. The project distinguishes itself by providing a wide array of hardware integration suites, covering low-level communication with USB, Serial, I2C, SPI, and GPIO peripherals. It includes specialized implementations for mixed reality holographic rendering, advanc
Provides secure XML parsing by preventing DTD usage and controlling external references to protect against exhaustion.
ModSecurity is an open-source web application firewall and security engine. It functions as an HTTP traffic inspector and intrusion detection system that filters incoming web requests and responses against a set of security rules to block threats and prevent attacks on web servers. The project provides a modular framework for implementing restrictive security policies and custom filtering logic. It identifies and blocks common injection attacks, such as cross-site scripting and SQL injection, while hardening web applications to reduce their overall attack surface. Its broader capabilities in
Analyzes XML content in HTTP bodies to detect vulnerabilities and policy violations.
xmltodict 是一个 Python 库,提供 XML 文档与字典之间的双向序列化功能。它既是一个将标记化输入转换为键值对的解析器,也是一个将字典转换回结构化 XML 文档的序列化工具。 该项目包含一个增量流处理器,使用基于深度的回调来处理大型 XML 文件,同时保持恒定的内存占用。它具有用于映射前缀和声明的命名空间管理器,以及一个安全清理器,可阻止外部实体扩展并验证元素名称以防止注入攻击。 该库提供了数据类型强制功能,例如强制将特定元素表示为列表(无论子元素数量如何)。它还支持通过用户定义的回调进行数据后处理,并为转换过程中的命名空间扩展、折叠或跳过提供了可配置的控制选项。
Implements security measures including external entity blocking and element name validation to prevent XML injection attacks.
该项目是一个多协议 API 模拟和 Mock 系统,旨在开发和测试期间替换外部依赖。它提供了一个 API Mock 服务器、网络流量代理,以及针对语言模型服务和身份提供商的专用模拟器。 该系统以其深度的 AI 模拟能力脱颖而出,包括模拟语言模型提供商和使用 JSON-RPC 2.0 的模型上下文协议 (MCP) 服务器。它支持多轮对话逻辑、AI 聊天 API 的状态跟踪,以及通过调用图和 Token 使用量跟踪实现代理执行的可视化。 广泛的功能领域包括针对 OpenAPI 规范的 API 契约测试、通过网络故障注入实现的韧性和混沌工程,以及用于实时请求修改的实时流量拦截。该项目还管理针对 OIDC、OAuth2、SAML 2.0 和 SCIM 2.0 标准的身份提供商模拟。 该服务器可以作为 Docker 容器、通过 Kubernetes Helm Chart 或作为独立的二进制文件部署。
Handles XML requests containing external entity declarations to test application processing of complex structures.