Maxoccurs = unbounded is recommended or any fixed number in a schema RRS feed

  • Question

  • hi Team,

    As part of security scan on the code, the source team has approached the integration (BizTalk) team asking to change the max occurs value from unbounded to a fixed number.

    Can anyone please tell me, as the basic nature of BizTalk is  max occurs to be unbounded, please tell me if changing it to a fixed number is correct thing to do? The source team is forcing us to do the change. Need suggestions on this. Kindly help

    Friday, October 11, 2019 6:17 AM

All replies

  • There's nothing wrong with using maxOccurs="unbounded" in XSD.

    Security scan result you are talking about, may be because of some weakness in particular XML software or it wanting to avoid buffer overruns

    I would suggest instead of any speculation, check with your functional requirement team to provide you specific fixed number or ask your security team to ignore this warning or they can provide any a specific reference.

    Friday, October 11, 2019 8:35 AM
  • By default, In BizTalk the max occurs value is blank or no value - which means 1

    This can be set any values based on the requirement. The maximum value accepted for max occurs is 4095. If you need a greater value or if you don't know how many times the element or record would be repeating - then use "unbounded" or " * "

    So if you know the max value already or if the source team has a fixed value or max value, then there are no issues in changing that.

    The following link has more information on this

    Max Occurs

    • Edited by - Anand - Saturday, October 12, 2019 6:04 PM
    Saturday, October 12, 2019 9:42 AM