Actions by GeneXus
- GeneXus provides secure serialization and deserialization mechanisms: FromJSON, ToJSON, FromXML and ToXML.
- When an SDT's ToXML or ToJSON method is used, GeneXus encodes the values.
- When XML is read or written manually, the XMLWriter and XMLReader methods encode and decode the element names and values accordingly.
Actions by Developers
- Sanitize user input if it is concatenated into an XML string that is then loaded with the FromXML method.
- If the WriteRawText method of XMLWriter is used, the developer must sanitize user input, because that method writes the text without encoding it.
- Sanitize user input if it is concatenated into a JSON string that is then loaded with the FromJSON method.
- Security Scanner detections:
  - SDT.FromXml() pattern usage (#126)
  - SDT.FromJson() pattern usage (#127)
  - SDT.FromXmlFile() pattern usage (#134)
  - SDT.FromJsonFile() pattern usage (#135)
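The three developer actions above, shown side by side as an added example (this is not code from the GeneXus documentation). It assumes a hypothetical SDT named Customer with members Name and Email, and variables &Name, &Email, &Raw, &Escaped, &Xml, &Json, &Customer and &XmlWriter declared in the object's Variables tab; the FromXml, ToXml, FromJson, ToJson, WriteElement, WriteStartElement, WriteEndElement and WriteRawText methods are the ones the page refers to. The EscapeXml subroutine is a hypothetical helper written for this example.

```genexus
// Added example; not GeneXus documentation code.
// Assumed: SDT "Customer" (members Name, Email); &Name and &Email hold user input;
// &Raw, &Escaped (Character), &Xml, &Json (LongVarChar), &Customer (Customer),
// &XmlWriter (XMLWriter) are declared in the Variables tab.

// Hypothetical helper: escapes the five XML metacharacters in &Raw into &Escaped.
// '&' is replaced first so the entities produced by the later replacements are
// not escaped a second time.
Sub 'EscapeXml'
    &Escaped = &Raw.Replace(!'&', !'&amp;')
    &Escaped = &Escaped.Replace(!'<', !'&lt;')
    &Escaped = &Escaped.Replace(!'>', !'&gt;')
    &Escaped = &Escaped.Replace(!'"', !'&quot;')
    &Escaped = &Escaped.Replace(!"'", !'&apos;')
EndSub

// 1. Risky pattern the page warns about: unsanitized input concatenated into the
//    XML text and then loaded with FromXml. Any '<' or '&' in &Name either breaks
//    parsing or changes the structure of the document being loaded.
&Xml = !'<Customer><Name>' + &Name + !'</Name><Email>' + &Email + !'</Email></Customer>'
&Customer.FromXml(&Xml)

// 2. Preferred: assign the SDT members and let ToXml encode the values.
//    No manual sanitization is needed on this path.
&Customer.Name  = &Name
&Customer.Email = &Email
&Xml = &Customer.ToXml()

// 3. If the XML text really has to be concatenated by hand, escape each value
//    before it goes into the string that FromXml will load.
&Raw = &Name
Do 'EscapeXml'
&Xml = !'<Customer><Name>' + &Escaped
&Raw = &Email
Do 'EscapeXml'
&Xml += !'</Name><Email>' + &Escaped + !'</Email></Customer>'
&Customer.FromXml(&Xml)

// 4. XMLWriter: WriteElement encodes the value for you, WriteRawText does not,
//    so only already-escaped text may be passed to WriteRawText.
&XmlWriter.OpenFile(!'customer.xml')
&XmlWriter.WriteStartElement(!'Customer')
&XmlWriter.WriteElement(!'Name', &Name)                        // encoded by GeneXus
&Raw = &Email
Do 'EscapeXml'
&XmlWriter.WriteRawText(!'<Email>' + &Escaped + !'</Email>')   // escaped by the developer
&XmlWriter.WriteEndElement()
&XmlWriter.Close()

// 5. JSON follows the same rule: build the SDT and call ToJson instead of
//    concatenating user input into a JSON string that FromJson will load.
&Customer.Name  = &Name
&Customer.Email = &Email
&Json = &Customer.ToJson()
&Customer.FromJson(&Json)
```

Patterns 2, 4 (the WriteElement line) and 5 are the ones where GeneXus does the encoding; patterns 3 and the WriteRawText line are the cases the Security Scanner detections above (#126, #127, #134, #135) flag for review, because there the developer is responsible for sanitizing the input.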