I've got the following finding in my Veracode report: Improper Restriction of XML External Entity Reference ('XXE') (CWE ID 611), referring to the code below:
```java
...
DocumentBuilderFactory dbf = null;
DocumentBuilder db = null;
try {
    dbf = DocumentBuilderFactory.newInstance();
    dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
    dbf.setExpandEntityReferences(false);
    dbf.setXIncludeAware(false);
    dbf.setValidating(false);
    // Assign the builder; otherwise db is still null when parse() is called
    db = dbf.newDocumentBuilder();
    InputStream stream = new ByteArrayInputStream(datosXml.getBytes());
    Document doc = db.parse(stream, "");
...
```
I've been researching, but I haven't found a reason for this finding or a way of making it disappear. Could you tell me how to do it?