How to Check Files for XML External Entities using Go
Using the ready-to-run Golang code examples provided below, you can quickly and easily take advantage of a free Advanced Virus Scan API. This API scans files for millions of virus and malware signatures, and it allows you to set custom policies against hidden non-malware threats.
XML External Entity (XXE) attacks are commonly used to exploit weakly configured XML parsers. The Advanced Virus Scan API exposes a boolean `allowXmlExternalEntities` request header for this; setting it to "false" makes it straightforward to detect and block files that carry XXE payloads.
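To make concrete what the `allowXmlExternalEntities` policy is guarding against, here is an added Go example that is not part of the original post and not Cloudmersive's own code. It inspects an XML file's prolog locally for the declarations that make XXE possible: general and parameter entities declared with SYSTEM or PUBLIC. It goes one step beyond the page's single setting by also flagging a DOCTYPE that references an external DTD, which is the other way a document can ask a parser to fetch outside content. Go's `encoding/xml` never resolves external entities, so it can be used safely to tokenise the prolog. The `Finding` type, the `InspectXML` and `BlockedByPolicy` functions, and the sample documents are all constructed for this example; `BlockedByPolicy` models the header's described intent, not the service's implementation.

```go
package main

import (
	"bytes"
	"encoding/xml"
	"fmt"
	"io"
	"regexp"
)

// Finding summarises what the prolog inspection saw in one document.
type Finding struct {
	HasDoctype       bool     // any <!DOCTYPE ...> declaration at all
	ExternalDTD      bool     // DOCTYPE pulls in an external DTD via SYSTEM/PUBLIC
	ExternalEntities []string // entity names declared with SYSTEM or PUBLIC (general or % parameter)
}

// Matches the directive text of <!DOCTYPE name SYSTEM "..."> or <!DOCTYPE name PUBLIC "..." "...">.
var externalDTD = regexp.MustCompile(`(?i)^DOCTYPE\s+[^\s\[>]+\s+(SYSTEM|PUBLIC)\b`)

// Matches <!ENTITY name SYSTEM "..."> and <!ENTITY % name PUBLIC "..." "...">
// inside the internal subset; the second group captures the entity name.
var externalEntity = regexp.MustCompile(`(?i)<!ENTITY\s+(%\s+)?([^\s>]+)\s+(?:SYSTEM|PUBLIC)\b`)

// InspectXML tokenises only the prolog of an XML document and reports any
// external entity or external DTD declarations. A DOCTYPE must precede the
// root element, so scanning stops at the first StartElement; the body is
// never expanded and no external resource is ever fetched.
func InspectXML(data []byte) (Finding, error) {
	var f Finding
	dec := xml.NewDecoder(bytes.NewReader(data))
	// encoding/xml does not fetch external entities, but in strict mode it
	// rejects references to entities it does not know (such as &ext; in the
	// root element's attributes). Non-strict mode lets the prolog be read anyway.
	dec.Strict = false
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			return f, nil
		}
		if err != nil {
			return f, err
		}
		switch t := tok.(type) {
		case xml.StartElement:
			return f, nil // root element reached: the prolog is complete
		case xml.Directive:
			// The decoder hands back "<!DOCTYPE ... [ ... ]>" as one Directive,
			// including any <!ENTITY ...> declarations in the internal subset.
			d := bytes.TrimSpace([]byte(t))
			if !bytes.HasPrefix(d, []byte("DOCTYPE")) {
				continue
			}
			f.HasDoctype = true
			f.ExternalDTD = externalDTD.Match(d)
			for _, m := range externalEntity.FindAllSubmatch(d, -1) {
				f.ExternalEntities = append(f.ExternalEntities, string(m[2]))
			}
		}
	}
}

// BlockedByPolicy applies, locally, the decision the post describes for the
// allowXmlExternalEntities header: with the switch off, any external entity or
// external DTD declaration blocks the file. Assumption: this models the
// header's stated intent, not how the scanning service is implemented.
func BlockedByPolicy(f Finding, allowXmlExternalEntities bool) bool {
	if allowXmlExternalEntities {
		return false
	}
	return f.ExternalDTD || len(f.ExternalEntities) > 0
}

// Constructed sample documents for the demonstration; none are real files.
var samples = []struct{ name, doc string }{
	{"no-doctype", `<?xml version="1.0"?><note>plain</note>`},
	{"internal-entity", `<?xml version="1.0"?><!DOCTYPE note [<!ENTITY greet "hello">]><note>&greet;</note>`},
	{"external-entity", `<?xml version="1.0"?>
<!DOCTYPE note [
  <!ENTITY % cfg SYSTEM "http://dtd.example/constructed.dtd">
  <!ENTITY ext SYSTEM "file:///constructed/example.txt">
]>
<note>&ext;</note>`},
	{"external-dtd", `<!DOCTYPE note SYSTEM "http://dtd.example/constructed.dtd"><note/>`},
}

func main() {
	for _, s := range samples {
		f, err := InspectXML([]byte(s.doc))
		if err != nil {
			fmt.Printf("%-16s parse error: %v\n", s.name, err)
			continue
		}
		fmt.Printf("%-16s doctype=%v externalDTD=%v externalEntities=%v blocked=%v\n",
			s.name, f.HasDoctype, f.ExternalDTD, f.ExternalEntities, BlockedByPolicy(f, false))
	}
}
```

A pre-check like this complements the scan API rather than replacing it: it only looks at the DOCTYPE. A stricter local policy can simply reject any file for which `HasDoctype` is true, which is the usual parser-hardening advice of disabling DTD processing altogether.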
To take advantage of this API, copy and paste the Golang code examples provided below:
package main

import (
	"bytes"
	"fmt"
	"io"
	"mime/multipart"
	"net/http"
	"os"
	"path/filepath"
)

func main() {
	url := "https://api.cloudmersive.com/virus/scan/file/advanced"
	method := "POST"
	path := "/path/to/file"

	// Build the multipart body: the file to scan goes in the "inputFile" part.
	payload := &bytes.Buffer{}
	writer := multipart.NewWriter(payload)
	file, err := os.Open(path)
	if err != nil {
		fmt.Println(err)
		return
	}
	defer file.Close()
	part1, err := writer.CreateFormFile("inputFile", filepath.Base(path))
	if err != nil {
		fmt.Println(err)
		return
	}
	if _, err = io.Copy(part1, file); err != nil {
		fmt.Println(err)
		return
	}
	// Close the writer so the terminating boundary is written into the body.
	if err := writer.Close(); err != nil {
		fmt.Println(err)
		return
	}

	client := &http.Client{}
	req, err := http.NewRequest(method, url, payload)
	if err != nil {
		fmt.Println(err)
		return
	}
	// Scan policy headers: replace each "<boolean>" with "true" or "false"
	// and "<string>" with the file types you want to permit.
	req.Header.Add("allowExecutables", "<boolean>")
	req.Header.Add("allowInvalidFiles", "<boolean>")
	req.Header.Add("allowScripts", "<boolean>")
	req.Header.Add("allowPasswordProtectedFiles", "<boolean>")
	req.Header.Add("allowMacros", "<boolean>")
	req.Header.Add("allowXmlExternalEntities", "<boolean>") // "false" blocks files containing XXE
	req.Header.Add("allowInsecureDeserialization", "<boolean>")
	req.Header.Add("allowHtml", "<boolean>")
	req.Header.Add("restrictFileTypes", "<string>")
	req.Header.Add("Apikey", "YOUR-API-KEY-HERE")
	// The multipart writer supplies the Content-Type, including its boundary.
	req.Header.Set("Content-Type", writer.FormDataContentType())

	res, err := client.Do(req)
	if err != nil {
		fmt.Println(err)
		return
	}
	defer res.Body.Close()
	body, err := io.ReadAll(res.Body)
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Println(string(body))
}
You can call this API up to 800 times per month for free with a free-tier Cloudmersive API key. That’s all there is to it — no more code required!