Objects that parse or handle XML data can expose an application to XML External Entity (XXE) attacks when they are not configured properly. Improper restriction of XML external entity processing can lead to server-side request forgery and information disclosure.
def xml_external_entity_noncompliant()
  # Noncompliant: Disabling encryption of sensitive data
  config.force_ssl = false
end

def xml_external_entity_compliant()
  # Compliant: Sensitive data is encrypted
  config.force_ssl = true
end
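
As an added example (not part of the original page or its detector), the guard below restricts external entity processing at the input boundary by refusing untrusted XML that declares a DTD before it reaches any parser. The names `assert_no_doctype!`, `dtd_free?` and `DoctypeRejected` and both sample documents are constructed for illustration, and the guard assumes the application only needs DTD-free UTF-8 XML.

```ruby
require 'strscan'

class DoctypeRejected < StandardError; end

# Constructed sample inputs (not taken from the page).
SAFE_XML = '<?xml version="1.0" encoding="UTF-8"?><!-- <!DOCTYPE x> -->' \
           '<order><![CDATA[<!ENTITY y>]]></order>'
XXE_XML  = %(<?xml version="1.0"?>\n<!DOCTYPE order [<!ENTITY ext SYSTEM ) +
           %("file:///constructed/path">]>\n<order>&ext;</order>)

# Returns xml unchanged when it carries no DTD; raises DoctypeRejected otherwise.
def assert_no_doctype!(xml)
  text = xml.dup.force_encoding(Encoding::UTF_8)
  # Fail closed on input a byte-level scan cannot read reliably (UTF-16/32, ...).
  unless text.valid_encoding? && !text.include?("\x00")
    raise DoctypeRejected, 'input is not NUL-free UTF-8'
  end
  body = text.delete_prefix("\uFEFF").lstrip
  raise DoctypeRejected, 'input does not start with markup' unless body.start_with?('<')
  declared = body[/\A<\?xml[^>]*?\bencoding\s*=\s*["']([^"']+)/i, 1]
  if declared && declared !~ /\A(utf-8|us-ascii)\z/i
    raise DoctypeRejected, "declared encoding #{declared} is not accepted"
  end

  s = StringScanner.new(body)
  until s.eos?
    if s.scan(/<!--/)              # comment: markup inside it is inert
      s.skip_until(/-->/) || raise(DoctypeRejected, 'unterminated comment')
    elsif s.scan(/<!\[CDATA\[/)    # CDATA: character data, not markup
      s.skip_until(/\]\]>/) || raise(DoctypeRejected, 'unterminated CDATA')
    elsif s.scan(/<\?/)            # XML declaration or processing instruction
      s.skip_until(/\?>/) || raise(DoctypeRejected, 'unterminated instruction')
    elsif s.scan(/<!(DOCTYPE|ENTITY)/i)
      raise DoctypeRejected, "#{s[1].upcase} declaration found"
    else
      s.skip(/[^<]+/) || s.getch   # ordinary content or an element tag
    end
  end
  xml
end

# Boolean wrapper for callers that prefer a check over an exception.
def dtd_free?(xml)
  assert_no_doctype!(xml)
  true
rescue DoctypeRejected
  false
end
```

This check complements the parser's own settings rather than replacing them: entity substitution and network access should also stay disabled in whichever XML library consumes the document.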