Class LocalOnlyXmlResolver

Namespace

EInvoice.Core.Validation

Assembly

EInvoice.Core.dll

An XML resolver that restricts URI resolution to files within a specific base directory. Prevents SSRF and path-traversal attacks during XSD schema loading.

public sealed class LocalOnlyXmlResolver : XmlResolver

Inheritance

object

XmlResolver

LocalOnlyXmlResolver

Inherited Members

XmlResolver.GetEntityAsync(Uri, string, Type)

XmlResolver.ResolveUri(Uri, string)

XmlResolver.SupportsType(Uri, Type)

XmlResolver.Credentials

XmlResolver.ThrowingResolver

XmlResolver.FileSystemResolver

object.Equals(object)

object.Equals(object, object)

object.GetHashCode()

object.GetType()

object.ReferenceEquals(object, object)

object.ToString()

Constructors

LocalOnlyXmlResolver(string)

Creates a resolver that only allows access to files within basePath.

public LocalOnlyXmlResolver(string basePath)

Parameters

basePath string

The root directory from which file access is permitted.

Methods

GetEntity(Uri, string?, Type?)

When overridden in a derived class, maps a URI to an object that contains the actual resource.

public override object? GetEntity(Uri absoluteUri, string? role, Type? ofObjectToReturn)

Parameters

absoluteUri Uri

The URI returned from ResolveUri(Uri, string).

role string

Currently not used.

ofObjectToReturn Type

The type of object to return. The current version only returns System.IO.Stream objects.

Returns

object

A stream object or null if a type other than stream is specified.

Exceptions

XmlException

ofObjectToReturn is not a Stream type.

UriFormatException

The specified URI is not an absolute URI.

ArgumentNullException

absoluteUri is null.

Exception

There is a runtime error (for example, an interrupted server connection).