Cloudmersive

May 7, 2021

2 min read

Check HTML Text for SSRF Threats in Java

Wondering how you can protect you and your business from SSRF attacks? If so, you’ve come to the right place. In this brief tutorial, we will demonstrate how to use an API in Java to detect SSRF attacks and unsafe URL attacks from HTML text input; this will prevent malicious attempts to access vulnerable local or network paths in the server environment via HTML injection.

To begin, we will install the Maven SDK by adding a reference to the repository in pom.xml:

<repositories>
<repository>
<id>jitpack.io</id>
<url>https://jitpack.io</url>
</repository>
</repositories>

Next, we will add a reference to the dependency:

<dependencies>
<dependency>
<groupId>com.github.Cloudmersive</groupId>
<artifactId>Cloudmersive.APIClient.Java</artifactId>
<version>v3.90</version>
</dependency>
</dependencies>

Now that the installation is complete, we’re ready to add the imports to the top of the controller and call the validation function:

// Import classes:
//import com.cloudmersive.client.invoker.ApiClient;
//import com.cloudmersive.client.invoker.ApiException;
//import com.cloudmersive.client.invoker.Configuration;
//import com.cloudmersive.client.invoker.auth.*;
//import com.cloudmersive.client.TextInputApi;
ApiClient defaultClient = Configuration.getDefaultApiClient();// Configure API key authorization: Apikey
ApiKeyAuth Apikey = (ApiKeyAuth) defaultClient.getAuthentication("Apikey");
Apikey.setApiKey("YOUR API KEY");
// Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null)
//Apikey.setApiKeyPrefix("Token");
TextInputApi apiInstance = new TextInputApi();
String value = "value_example"; // String | User-facing HTML input.
try {
HtmlSsrfDetectionResult result = apiInstance.textInputCheckHtmlSsrf(value);
System.out.println(result);
} catch (ApiException e) {
System.err.println("Exception when calling TextInputApi#textInputCheckHtmlSsrf");
e.printStackTrace();
}

This will promptly return a result indicating if your user-facing input is free from SSRF threats