Security XML reading

ID: SECURITY-4
Title: When reading an XML file, set the AllowDoctype option to false.
Priority: Mandatory
Severity level: 3
Description: When using the xmlread or matlab.io.xml.dom.Parser functions, make sure to set AllowDoctype to false.
Rationale: In XML, doc type definitions can contain exploding content that, if not caught, can cause unexpected behavior. Therefore, reading doc types should not be allowed.

Avoid:

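% xmlread accepts DOCTYPE declarations unless AllowDoctype is set to false.
content = xmlread(myFile);

% Explicitly enabling AllowDoctype on the DOM parser overrides its safe default.
p = matlab.io.xml.dom.Parser();
p.Configuration.AllowDoctype = true;
p.parseFile(myFile);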

Instead use:

content = xmlread(myFile, "AllowDoctype", false);

% For matlab.io.xml.dom.Parser configurations, AllowDoctype is false by default.
p = matlab.io.xml.dom.Parser();
p.parseFile(myFile);
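
The following is an added example, not part of the CC4M guideline: it writes a constructed XML file with a small, harmless DOCTYPE and reports how each reader configuration from this rule handles it, so you can confirm on your MATLAB release that the compliant settings refuse the file. The names doctypeRejectionCheck, tryParse and parseWithDom are hypothetical.

```matlab
function report = doctypeRejectionCheck()
% Added example, not part of the CC4M guideline. Records whether each
% reader configuration parses or rejects a file that contains a DOCTYPE.
    xmlFile = [tempname, '.xml'];
    fid = fopen(xmlFile, 'w');
    assert(fid ~= -1, 'Could not create %s', xmlFile);
    % Constructed sample input: one internal entity, nothing external.
    fprintf(fid, '%s\n', ...
        '<?xml version="1.0"?>', ...
        '<!DOCTYPE note [ <!ENTITY greeting "hello"> ]>', ...
        '<note>&greeting;</note>');
    fclose(fid);
    removeFile = onCleanup(@() delete(xmlFile));

    report = struct( ...
        'xmlreadDefault',   tryParse(@() xmlread(xmlFile)), ...
        'xmlreadNoDoctype', tryParse(@() xmlread(xmlFile, "AllowDoctype", false)), ...
        'domParserDefault', tryParse(@() parseWithDom(xmlFile, false)), ...
        'domParserDoctype', tryParse(@() parseWithDom(xmlFile, true)));
    disp(report);
end

function outcome = tryParse(parseFcn)
% Runs one parse call and returns "parsed" or "rejected: <message>".
    try
        parseFcn();
        outcome = "parsed";
    catch err
        outcome = "rejected: " + string(err.message);
    end
end

function doc = parseWithDom(xmlFile, allowDoctype)
% Parses with matlab.io.xml.dom.Parser, setting AllowDoctype explicitly
% so the result does not depend on the release default.
    p = matlab.io.xml.dom.Parser();
    p.Configuration.AllowDoctype = allowDoctype;
    doc = p.parseFile(xmlFile);
end
```

Callers that load untrusted XML can treat a "rejected" outcome from the compliant configurations as the expected result for any file that carries a DOCTYPE.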