JAVASE-196 Update rule metadata

java-symbolic-execution/java-symbolic-execution-plugin/src/main/resources/org/sonar/l10n/java/rules/javase/S2095.html

@@ -61,12 +61,12 @@ <h3>Compliant solution</h3>
 <h3>Exceptions</h3>
 <p>Instances of the following classes are ignored by this rule because <code>close</code> has no effect:</p>
 <ul>
-  <li> <code>java.io.ByteArrayOutputStream</code> </li>
-  <li> <code>java.io.ByteArrayInputStream</code> </li>
-  <li> <code>java.io.CharArrayReader</code> </li>
-  <li> <code>java.io.CharArrayWriter</code> </li>
-  <li> <code>java.io.StringReader</code> </li>
-  <li> <code>java.io.StringWriter</code> </li>
+  <li><code>java.io.ByteArrayOutputStream</code></li>
+  <li><code>java.io.ByteArrayInputStream</code></li>
+  <li><code>java.io.CharArrayReader</code></li>
+  <li><code>java.io.CharArrayWriter</code></li>
+  <li><code>java.io.StringReader</code></li>
+  <li><code>java.io.StringWriter</code></li>
 </ul>
 <p>Java 7 introduced the try-with-resources statement, which implicitly closes <code>Closeables</code>. All resources opened in a try-with-resources
 statement are ignored by this rule.</p>
@@ -80,10 +80,10 @@ <h3>Exceptions</h3>
 </pre>
 <h2>Resources</h2>
 <ul>
-  <li> CWE - <a href="https://cwe.mitre.org/data/definitions/459">CWE-459 - Incomplete Cleanup</a> </li>
-  <li> CWE - <a href="https://cwe.mitre.org/data/definitions/772">CWE-772 - Missing Release of Resource after Effective Lifetime</a> </li>
-  <li> <a href="https://wiki.sei.cmu.edu/confluence/x/vjdGBQ">CERT, FIO04-J.</a> - Release resources when they are no longer needed </li>
-  <li> <a href="https://wiki.sei.cmu.edu/confluence/x/QtUxBQ">CERT, FIO42-C.</a> - Close files when they are no longer needed </li>
-  <li> <a href="https://docs.oracle.com/javase/tutorial/essential/exceptions/tryResourceClose.html">Try With Resources</a> </li>
+  <li>CWE - <a href="https://cwe.mitre.org/data/definitions/459">CWE-459 - Incomplete Cleanup</a></li>
+  <li>CWE - <a href="https://cwe.mitre.org/data/definitions/772">CWE-772 - Missing Release of Resource after Effective Lifetime</a></li>
+  <li><a href="https://wiki.sei.cmu.edu/confluence/x/vjdGBQ">CERT, FIO04-J.</a> - Release resources when they are no longer needed</li>
+  <li><a href="https://wiki.sei.cmu.edu/confluence/x/QtUxBQ">CERT, FIO42-C.</a> - Close files when they are no longer needed</li>
+  <li><a href="https://docs.oracle.com/javase/tutorial/essential/exceptions/tryResourceClose.html">Try With Resources</a></li>
 </ul>
 

java-symbolic-execution/java-symbolic-execution-plugin/src/main/resources/org/sonar/l10n/java/rules/javase/S2189.html

@@ -41,6 +41,6 @@ <h3>Compliant solution</h3>
 <h2>Resources</h2>
 <h3>Standards</h3>
 <ul>
-  <li> <a href="https://wiki.sei.cmu.edu/confluence/x/lzZGBQ">CERT, MSC01-J.</a> - Do not use an empty infinite loop </li>
+  <li><a href="https://wiki.sei.cmu.edu/confluence/x/lzZGBQ">CERT, MSC01-J.</a> - Do not use an empty infinite loop</li>
 </ul>
 

java-symbolic-execution/java-symbolic-execution-plugin/src/main/resources/org/sonar/l10n/java/rules/javase/S2189.json

@@ -3,7 +3,7 @@
   "type": "BUG",
   "code": {
     "impacts": {
-      "RELIABILITY": "HIGH"
+      "RELIABILITY": "BLOCKER"
     },
     "attribute": "LOGICAL"
   },

java-symbolic-execution/java-symbolic-execution-plugin/src/main/resources/org/sonar/l10n/java/rules/javase/S2222.html

@@ -29,6 +29,6 @@ <h3>Compliant solution</h3>
 </pre>
 <h2>Resources</h2>
 <ul>
-  <li> CWE - <a href="https://cwe.mitre.org/data/definitions/459">CWE-459 - Incomplete Cleanup</a> </li>
+  <li>CWE - <a href="https://cwe.mitre.org/data/definitions/459">CWE-459 - Incomplete Cleanup</a></li>
 </ul>
 

java-symbolic-execution/java-symbolic-execution-plugin/src/main/resources/org/sonar/l10n/java/rules/javase/S2583.html

@@ -17,7 +17,7 @@ <h3>Noncompliant code example</h3>
 <h3>Exceptions</h3>
 <p>This rule will not raise an issue in either of these cases:</p>
 <ul>
-  <li> When the condition is a single <code>final boolean</code> </li>
+  <li>When the condition is a single <code>final boolean</code></li>
 </ul>
 <pre>
 final boolean debug = false;
@@ -27,7 +27,7 @@ <h3>Exceptions</h3>
 }
 </pre>
 <ul>
-  <li> When the condition is literally <code>true</code> or <code>false</code>. </li>
+  <li>When the condition is literally <code>true</code> or <code>false</code>.</li>
 </ul>
 <pre>
 if (true) {
@@ -37,9 +37,8 @@ <h3>Exceptions</h3>
 <p>In these cases it is obvious the code is as intended.</p>
 <h2>Resources</h2>
 <ul>
-  <li> CWE - <a href="https://cwe.mitre.org/data/definitions/570">CWE-570 - Expression is Always False</a> </li>
-  <li> CWE - <a href="https://cwe.mitre.org/data/definitions/571">CWE-571 - Expression is Always True</a> </li>
-  <li> <a href="https://wiki.sei.cmu.edu/confluence/x/5dUxBQ">CERT, MSC12-C.</a> - Detect and remove code that has no effect or is never executed
-  </li>
+  <li>CWE - <a href="https://cwe.mitre.org/data/definitions/570">CWE-570 - Expression is Always False</a></li>
+  <li>CWE - <a href="https://cwe.mitre.org/data/definitions/571">CWE-571 - Expression is Always True</a></li>
+  <li><a href="https://wiki.sei.cmu.edu/confluence/x/5dUxBQ">CERT, MSC12-C.</a> - Detect and remove code that has no effect or is never executed</li>
 </ul>
 

java-symbolic-execution/java-symbolic-execution-plugin/src/main/resources/org/sonar/l10n/java/rules/javase/S2589.html

@@ -66,7 +66,7 @@ <h4>Compliant solution</h4>
 <h2>Resources</h2>
 <h3>Articles &amp; blog posts</h3>
 <ul>
-  <li> CWE - <a href="https://cwe.mitre.org/data/definitions/571">CWE-571 - Expression is Always True</a> </li>
-  <li> CWE - <a href="https://cwe.mitre.org/data/definitions/570">CWE-570 - Expression is Always False</a> </li>
+  <li>CWE - <a href="https://cwe.mitre.org/data/definitions/571">CWE-571 - Expression is Always True</a></li>
+  <li>CWE - <a href="https://cwe.mitre.org/data/definitions/570">CWE-570 - Expression is Always False</a></li>
 </ul>
 

java-symbolic-execution/java-symbolic-execution-plugin/src/main/resources/org/sonar/l10n/java/rules/javase/S2637.html

@@ -29,9 +29,9 @@ <h3>Noncompliant code example</h3>
 <h2>Resources</h2>
 <h3>Standards</h3>
 <ul>
-  <li> CERT - <a href="https://wiki.sei.cmu.edu/confluence/x/QdcxBQ">EXP34-C. Do not dereference null pointers</a> </li>
-  <li> CERT - <a href="https://wiki.sei.cmu.edu/confluence/display/java/EXP01-J.+Do+not+use+a+null+in+a+case+where+an+object+is+required">EXP01-J. Do
-  not use a null in a case where an object is required</a> </li>
-  <li> CWE - <a href="https://cwe.mitre.org/data/definitions/476">CWE-476 NULL Pointer Dereference</a> </li>
+  <li>CERT - <a href="https://wiki.sei.cmu.edu/confluence/x/QdcxBQ">EXP34-C. Do not dereference null pointers</a></li>
+  <li>CERT - <a href="https://wiki.sei.cmu.edu/confluence/display/java/EXP01-J.+Do+not+use+a+null+in+a+case+where+an+object+is+required">EXP01-J. Do
+  not use a null in a case where an object is required</a></li>
+  <li>CWE - <a href="https://cwe.mitre.org/data/definitions/476">CWE-476 NULL Pointer Dereference</a></li>
 </ul>
 

java-symbolic-execution/java-symbolic-execution-plugin/src/main/resources/org/sonar/l10n/java/rules/javase/S2689.html

@@ -23,12 +23,12 @@ <h4>Compliant solution</h4>
 <h2>Resources</h2>
 <h3>Articles &amp; blog posts</h3>
 <ul>
-  <li> <a href="https://docs.jboss.org/jbossas/javadoc/4.0.2/org/jboss/util/stream/AppendingObjectOutputStream.java.html">JBoss -
-  AppendingObjectOutputStream</a> </li>
+  <li><a href="https://docs.jboss.org/jbossas/javadoc/4.0.2/org/jboss/util/stream/AppendingObjectOutputStream.java.html">JBoss -
+  AppendingObjectOutputStream</a></li>
 </ul>
 <h3>Documentation</h3>
 <ul>
-  <li> <a href="https://docs.oracle.com/en/java/javase/20/docs/api/java.base/java/io/ObjectOutputStream.html">Oracle SE 20 - ObjectOutputStream</a>
-  </li>
+  <li><a href="https://docs.oracle.com/en/java/javase/20/docs/api/java.base/java/io/ObjectOutputStream.html">Oracle SE 20 -
+  ObjectOutputStream</a></li>
 </ul>
 

java-symbolic-execution/java-symbolic-execution-plugin/src/main/resources/org/sonar/l10n/java/rules/javase/S2755.html

@@ -66,7 +66,9 @@ <h4>Disable external entities</h4>
 appropriate properties or options in your XML parser library or framework.</p>
 <p>If external entity processing is necessary for certain scenarios, adopt a whitelisting approach to restrict the entities that can be resolved
 during XML parsing. Create a list of trusted external entities and disallow all others. This approach ensures that only known and safe entities are
-processed.<br> You should rely on features provided by your XML parser to restrict the external entities.</p>
+processed.
+  <br>
+  You should rely on features provided by your XML parser to restrict the external entities.</p>
 <h3>Going the extra mile</h3>
 <h4>Disable entity expansion</h4>
 <p>Specifically for <code>DocumentBuilderFactory</code>, it is possible to disable the entity expansion. Note, however, that this does not prevent the
@@ -102,7 +104,9 @@ <h4>Disable external entities</h4>
 appropriate properties or options in your XML parser library or framework.</p>
 <p>If external entity processing is necessary for certain scenarios, adopt a whitelisting approach to restrict the entities that can be resolved
 during XML parsing. Create a list of trusted external entities and disallow all others. This approach ensures that only known and safe entities are
-processed.<br> You should rely on features provided by your XML parser to restrict the external entities.</p>
+processed.
+  <br>
+  You should rely on features provided by your XML parser to restrict the external entities.</p>
 <h2>How to fix it in Jdom2</h2>
 <h3>Code examples</h3>
 <p>The following code contains examples of XML parsers that have external entity processing enabled. As a result, the parsers are vulnerable to XXE
@@ -131,7 +135,9 @@ <h4>Disable external entities</h4>
 appropriate properties or options in your XML parser library or framework.</p>
 <p>If external entity processing is necessary for certain scenarios, adopt a whitelisting approach to restrict the entities that can be resolved
 during XML parsing. Create a list of trusted external entities and disallow all others. This approach ensures that only known and safe entities are
-processed.<br> You should rely on features provided by your XML parser to restrict the external entities.</p>
+processed.
+  <br>
+  You should rely on features provided by your XML parser to restrict the external entities.</p>
 <h2>How to fix it in SAX</h2>
 <h3>Code examples</h3>
 <p>The following code contains examples of XML parsers that have external entity processing enabled. As a result, the parsers are vulnerable to XXE
@@ -163,16 +169,22 @@ <h4>Disable external entities</h4>
 appropriate properties or options in your XML parser library or framework.</p>
 <p>If external entity processing is necessary for certain scenarios, adopt a whitelisting approach to restrict the entities that can be resolved
 during XML parsing. Create a list of trusted external entities and disallow all others. This approach ensures that only known and safe entities are
-processed.<br> You should rely on features provided by your XML parser to restrict the external entities.</p>
+processed.
+  <br>
+  You should rely on features provided by your XML parser to restrict the external entities.</p>
 <h2>Resources</h2>
 <h3>Standards</h3>
 <ul>
-  <li> OWASP - <a href="https://owasp.org/Top10/A05_2021-Security_Misconfiguration/">Top 10 2021 Category A5 - Security Misconfiguration</a> </li>
-  <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE)">Top 10 2017 Category A4 - XML External
-  Entities (XXE)</a> </li>
-  <li> CWE - <a href="https://cwe.mitre.org/data/definitions/611">CWE-611 - Information Exposure Through XML External Entity Reference</a> </li>
-  <li> CWE - <a href="https://cwe.mitre.org/data/definitions/827">CWE-827 - Improper Control of Document Type Definition</a> </li>
-  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222608">Application Security and
-  Development: V-222608</a> - The application must not be vulnerable to XML-oriented attacks. </li>
+  <li>OWASP - <a href="https://owasp.org/Top10/A05_2021-Security_Misconfiguration/">Top 10 2021 Category A5 - Security Misconfiguration</a></li>
+  <li>OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE)">Top 10 2017 Category A4 - XML External Entities
+  (XXE)</a></li>
+  <li>OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2023-risks/m4-insufficient-input-output-validation">Mobile Top 10 2024 Category M4
+  - Insufficient Input/Output Validation</a></li>
+  <li>OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2023-risks/m8-security-misconfiguration">Mobile Top 10 2024 Category M8 - Security
+  Misconfiguration</a></li>
+  <li>CWE - <a href="https://cwe.mitre.org/data/definitions/611">CWE-611 - Information Exposure Through XML External Entity Reference</a></li>
+  <li>CWE - <a href="https://cwe.mitre.org/data/definitions/827">CWE-827 - Improper Control of Document Type Definition</a></li>
+  <li>STIG Viewer - <a href="https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222608">Application Security and
+  Development: V-222608</a> - The application must not be vulnerable to XML-oriented attacks.</li>
 </ul>
 

java-symbolic-execution/java-symbolic-execution-plugin/src/main/resources/org/sonar/l10n/java/rules/javase/S2755.json

@@ -31,6 +31,10 @@
     "OWASP Top 10 2021": [
       "A5"
     ],
+    "OWASP Mobile Top 10 2024": [
+      "M4",
+      "M8"
+    ],
     "PCI DSS 3.2": [
       "6.5.1"
     ],

java-symbolic-execution/java-symbolic-execution-plugin/src/main/resources/org/sonar/l10n/java/rules/javase/S3546.html

@@ -5,6 +5,6 @@ <h2>Why is this an issue?</h2>
 <h2>Resources</h2>
 <h3>Related rules</h3>
 <ul>
-  <li> {rule:java:S2095} - Resources should be closed </li>
+  <li>{rule:java:S2095} - Resources should be closed</li>
 </ul>
 

java-symbolic-execution/java-symbolic-execution-plugin/src/main/resources/org/sonar/l10n/java/rules/javase/S3655.html

@@ -52,6 +52,6 @@ <h3>Compliant solution</h3>
 </pre>
 <h2>Resources</h2>
 <ul>
-  <li> CWE - <a href="https://cwe.mitre.org/data/definitions/476">CWE-476 - NULL Pointer Dereference</a> </li>
+  <li>CWE - <a href="https://cwe.mitre.org/data/definitions/476">CWE-476 - NULL Pointer Dereference</a></li>
 </ul>
 

java-symbolic-execution/java-symbolic-execution-plugin/src/main/resources/org/sonar/l10n/java/rules/javase/S3824.html

@@ -31,6 +31,6 @@ <h3>Exceptions</h3>
 <h2>Resources</h2>
 <h3>Related rules</h3>
 <ul>
-  <li> {rule:java:S6104} - Map "computeIfAbsent()" and "computeIfPresent()" should not be used to add "null" values. </li>
+  <li>{rule:java:S6104} - Map "computeIfAbsent()" and "computeIfPresent()" should not be used to add "null" values.</li>
 </ul>
 

java-symbolic-execution/java-symbolic-execution-plugin/src/main/resources/org/sonar/l10n/java/rules/javase/S3958.html

@@ -20,6 +20,6 @@ <h3>Compliant solution</h3>
 </pre>
 <h2>Resources</h2>
 <ul>
-  <li> <a href="https://docs.oracle.com/javase/8/docs/api/java/util/stream/package-summary.html#StreamOps">Stream Operations</a> </li>
+  <li><a href="https://docs.oracle.com/javase/8/docs/api/java/util/stream/package-summary.html#StreamOps">Stream Operations</a></li>
 </ul>
 

java-symbolic-execution/java-symbolic-execution-plugin/src/main/resources/org/sonar/l10n/java/rules/javase/S4449.html

@@ -24,8 +24,8 @@ <h3>Noncompliant code example</h3>
 <h3>Compliant solution</h3>
 <p>Two solutions are possible:</p>
 <ul>
-  <li> The signature of the method is correct, and null check should be done prior to the call. </li>
-  <li> The signature of the method is not coherent and should be annotated to allow null values being passed as parameter </li>
+  <li>The signature of the method is correct, and null check should be done prior to the call.</li>
+  <li>The signature of the method is not coherent and should be annotated to allow null values being passed as parameter</li>
 </ul>
 <pre>
 @javax.annotation.ParametersAreNonnullByDefault

java-symbolic-execution/java-symbolic-execution-plugin/src/main/resources/org/sonar/l10n/java/rules/javase/S6373.html

@@ -85,20 +85,24 @@ <h3>How does this work?</h3>
 <h2>Resources</h2>
 <h3>Documentation</h3>
 <ul>
-  <li> OWASP - <a href="https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#java">OWASP XXE Prevention
-  Cheat Sheet</a> </li>
-  <li> Java documentation - <a
-  href="https://docs.oracle.com/en/java/javase/13/security/java-api-xml-processing-jaxp-security-guide.html#GUID-8CD65EF5-D113-4D5C-A564-B875C8625FAC">XML External Entity Injection Attack</a> </li>
-  <li> W3C - <a href="https://www.w3.org/TR/xinclude-11/">XML Inclusions (XInclude) Version 1.1</a> </li>
+  <li>OWASP - <a href="https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#java">OWASP XXE Prevention Cheat
+  Sheet</a></li>
+  <li>Java documentation - <a
+  href="https://docs.oracle.com/en/java/javase/13/security/java-api-xml-processing-jaxp-security-guide.html#GUID-8CD65EF5-D113-4D5C-A564-B875C8625FAC">XML External Entity Injection Attack</a></li>
+  <li>W3C - <a href="https://www.w3.org/TR/xinclude-11/">XML Inclusions (XInclude) Version 1.1</a></li>
 </ul>
 <h3>Standards</h3>
 <ul>
-  <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE)">Top 10 2017 - Category A4 - XML External
-  Entities (XXE)</a> </li>
-  <li> OWASP - <a href="https://owasp.org/Top10/A05_2021-Security_Misconfiguration/">Top 10 2021 - Category A5 - Security Misconfiguration</a> </li>
-  <li> CWE - <a href="https://cwe.mitre.org/data/definitions/611">CWE-611 - Improper Restriction of XML External Entity Reference</a> </li>
-  <li> CWE - <a href="https://cwe.mitre.org/data/definitions/827">CWE-827 - Improper Control of Document Type Definition</a> </li>
-  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222608">Application Security and
-  Development: V-222608</a> - The application must not be vulnerable to XML-oriented attacks. </li>
+  <li>OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE)">Top 10 2017 - Category A4 - XML External
+  Entities (XXE)</a></li>
+  <li>OWASP - <a href="https://owasp.org/Top10/A05_2021-Security_Misconfiguration/">Top 10 2021 - Category A5 - Security Misconfiguration</a></li>
+  <li>OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2023-risks/m4-insufficient-input-output-validation">Mobile Top 10 2024 Category M4
+  - Insufficient Input/Output Validation</a></li>
+  <li>OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2023-risks/m8-security-misconfiguration">Mobile Top 10 2024 Category M8 - Security
+  Misconfiguration</a></li>
+  <li>CWE - <a href="https://cwe.mitre.org/data/definitions/611">CWE-611 - Improper Restriction of XML External Entity Reference</a></li>
+  <li>CWE - <a href="https://cwe.mitre.org/data/definitions/827">CWE-827 - Improper Control of Document Type Definition</a></li>
+  <li>STIG Viewer - <a href="https://stigviewer.com/stigs/application_security_and_development/2024-12-06/finding/V-222608">Application Security and
+  Development: V-222608</a> - The application must not be vulnerable to XML-oriented attacks.</li>
 </ul>
 

java-symbolic-execution/java-symbolic-execution-plugin/src/main/resources/org/sonar/l10n/java/rules/javase/S6373.json

@@ -30,6 +30,10 @@
     "OWASP Top 10 2021": [
       "A5"
     ],
+    "OWASP Mobile Top 10 2024": [
+      "M4",
+      "M8"
+    ],
     "PCI DSS 3.2": [
       "6.5.1"
     ],

java-symbolic-execution/java-symbolic-execution-plugin/src/main/resources/org/sonar/l10n/java/rules/javase/S6374.html

@@ -67,13 +67,13 @@ <h3>Exceptions</h3>
 </pre>
 <h2>Resources</h2>
 <ul>
-  <li> <a
-  href="https://docs.oracle.com/en/java/javase/13/security/java-api-xml-processing-jaxp-security-guide.html#GUID-8CD65EF5-D113-4D5C-A564-B875C8625FAC">Oracle Java Documentation</a> - XML External Entity Injection Attack </li>
-  <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE)">Top 10 2017 Category A4 - XML External
-  Entities (XXE)</a> </li>
-  <li> <a href="https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#java">OWASP XXE Prevention Cheat
-  Sheet</a> </li>
-  <li> CWE - <a href="https://cwe.mitre.org/data/definitions/611">CWE-611 - Information Exposure Through XML External Entity Reference</a> </li>
-  <li> CWE - <a href="https://cwe.mitre.org/data/definitions/827">CWE-827 - Improper Control of Document Type Definition</a> </li>
+  <li><a
+  href="https://docs.oracle.com/en/java/javase/13/security/java-api-xml-processing-jaxp-security-guide.html#GUID-8CD65EF5-D113-4D5C-A564-B875C8625FAC">Oracle Java Documentation</a> - XML External Entity Injection Attack</li>
+  <li>OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE)">Top 10 2017 Category A4 - XML External Entities
+  (XXE)</a></li>
+  <li><a href="https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#java">OWASP XXE Prevention Cheat
+  Sheet</a></li>
+  <li>CWE - <a href="https://cwe.mitre.org/data/definitions/611">CWE-611 - Information Exposure Through XML External Entity Reference</a></li>
+  <li>CWE - <a href="https://cwe.mitre.org/data/definitions/827">CWE-827 - Improper Control of Document Type Definition</a></li>
 </ul>