How to Detect XXE Attacks in Text Inputs in C#
XML is currently one of the most widely used data formats for web services; its simplicity and user-friendly design make it a top choice for many companies. However, in order to interpret XML data, an application needs an XML processor, and therein lies the risk of XML External Entity (XXE) attacks. Since anti-virus software won’t pick up on these attacks, integrating the following API into your system to automatically detect them across multiple text inputs in a batch can save a lot of time and headaches on the developer side. As shown in the example request below, you can choose to allow or block internet-based dependency URLs (DTDs and other external entities), and you can also supply lists of known safe and known unsafe URLs:
{
  "RequestItems": [
    {
      "InputText": "string",
      "AllowInternetUrls": true,
      "KnownSafeUrls": [
        "string"
      ],
      "KnownUnsafeUrls": [
        "string"
      ]
    }
  ]
}
Now to start things off, we will install the .NET Framework client:
Install-Package Cloudmersive.APIClient.NET.Validate -Version 3.2.0
Next, we can call the function with the following code:
using System;
using System.Diagnostics;
using Cloudmersive.APIClient.NET.Validate.Api;
using Cloudmersive.APIClient.NET.Validate.Client;
using Cloudmersive.APIClient.NET.Validate.Model;

namespace Example
{
    public class TextInputCheckXxeBatchExample
    {
        public void main()
        {
            // Configure API key authorization: Apikey
            Configuration.Default.AddApiKey("Apikey", "YOUR_API_KEY");

            var apiInstance = new TextInputApi();
            // Batch request; fill it with the items shown in the example request above before sending
            var request = new XxeDetectionBatchRequest();

            try
            {
                // Protect text input from XML External Entity (XXE) attacks
                XxeDetectionBatchResponse result = apiInstance.TextInputCheckXxeBatch(request);
                Debug.WriteLine(result);
            }
            catch (Exception e)
            {
                // Network, authentication and API errors all surface here
                Debug.Print("Exception when calling TextInputApi.TextInputCheckXxeBatch: " + e.Message);
            }
        }
    }
}
And we’re done! If you need to obtain an API key, visit the Cloudmersive website and register for a free account; this will provide access to 800 monthly calls across our library of APIs as well.
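Because the risk described above sits in the XML processor itself, a local check with a locked-down parser is a useful complement to the API call. The following is an added example, not code from the article or from Cloudmersive: it uses only the standard System.Xml reader, the class and method names (LocalXxePrecheck, RejectionReason) are hypothetical, and the two sample inputs are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Xml;

public static class LocalXxePrecheck
{
    // Parser settings that refuse DTDs outright and never fetch external resources.
    private static readonly XmlReaderSettings Strict = new XmlReaderSettings
    {
        DtdProcessing = DtdProcessing.Prohibit, // any <!DOCTYPE ...> throws XmlException
        XmlResolver = null                      // no file or network lookups
    };

    // Returns null when the text parses cleanly with DTDs prohibited, otherwise
    // the parser's reason (a DTD was declared, or the XML is malformed).
    public static string RejectionReason(string inputText)
    {
        try
        {
            using (var reader = XmlReader.Create(new StringReader(inputText), Strict))
            {
                while (reader.Read()) { } // walk the whole document
            }
            return null;
        }
        catch (XmlException e)
        {
            return e.Message;
        }
    }

    public static void Main()
    {
        // Constructed sample inputs, not taken from the article.
        var batch = new List<string>
        {
            "<order><id>42</id></order>",
            "<!DOCTYPE r [<!ENTITY e SYSTEM \"http://example.invalid/e\">]><r>&e;</r>"
        };
        for (int i = 0; i < batch.Count; i++)
        {
            string reason = RejectionReason(batch[i]);
            Console.WriteLine("Item {0}: {1}", i, reason == null ? "accepted" : "rejected: " + reason);
        }
    }
}
```

This check does not distinguish a declared DTD from malformed XML; for untrusted text input both are treated as a rejection.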