How to Identify XML External Entity Threats with a Low-Code API Solution in Node.js
Using external security services in our web applications can improve our threat profile while reducing the amount of code we run on our own servers.
Using the code below, we can call a free API that processes XML strings and automatically looks for external entities within them. External entity attacks are designed to exploit insecure XML parsers; alongside following best configuration practices, adding a redundant check for XXE threats significantly reduces our likelihood of falling victim to an XXE attack.
We can structure our API call in a few quick steps, but our first task is to retrieve a free-tier API key for authorization. A free-tier key allows up to 800 API calls per month with no commitments, which is great for getting projects off the ground.
With our API key in hand, we can install the SDK by either running this command:
    npm install cloudmersive-security-api-client --save
Or by adding this snippet to our package.json:
    "dependencies": {
      "cloudmersive-security-api-client": "^1.2.0"
    }
Finally, we can copy the code below into our file and configure our request parameters:

    var CloudmersiveSecurityApiClient = require('cloudmersive-security-api-client');
    var defaultClient = CloudmersiveSecurityApiClient.ApiClient.instance;

    // Configure API key authorization: Apikey
    var Apikey = defaultClient.authentications['Apikey'];
    Apikey.apiKey = 'YOUR API KEY';

    var apiInstance = new CloudmersiveSecurityApiClient.ContentThreatDetectionApi();

    var value = "value_example"; // String | User-facing text input.

    var callback = function(error, data, response) {
      if (error) {
        console.error(error);
      } else {
        // Serialize the result object so its fields are visible in the log
        console.log('API called successfully. Returned data: ' + JSON.stringify(data));
      }
    };

    // Submit the string to the XXE detection endpoint
    apiInstance.contentThreatDetectionCheckXxe(value, callback);

Just like that, we have a new method for detecting XML External Entity threats.
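
The redundancy mentioned earlier can also include a local check that runs before an XML string reaches any parser. The following is an added example, not code from the original article or from the Cloudmersive SDK: a regex-based scan for external entity declarations that fails closed on any DOCTYPE by default. The function names and sample documents are constructed for illustration, and the input is assumed to be an already-decoded JavaScript string.

```javascript
// Added example: local pre-parse scan for external entity declarations.
// Assumption: xml is an already-decoded string (not raw UTF-16/UTF-32 bytes).

// <!ENTITY name SYSTEM "uri">  or  <!ENTITY % name PUBLIC "id" "uri">
const ENTITY_DECL =
  /<!ENTITY\s+(%\s+)?([^\s"'<>]+)\s+(SYSTEM|PUBLIC)\s+(["'])(.*?)\4(?:\s+(["'])(.*?)\6)?/g;
// <!DOCTYPE root SYSTEM "uri">  or  <!DOCTYPE root PUBLIC "id" "uri">
const DOCTYPE_EXTERNAL =
  /<!DOCTYPE\s+[^\s\[>]+\s+(SYSTEM|PUBLIC)\s+(["'])(.*?)\2(?:\s+(["'])(.*?)\4)?/;

function scanForExternalEntities(xml) {
  const findings = [];
  const dt = DOCTYPE_EXTERNAL.exec(xml);
  if (dt) {
    // PUBLIC carries the system URI as its second literal, SYSTEM as its first.
    const uri = dt[1] === 'PUBLIC' ? (dt[5] || '') : dt[3];
    findings.push({ kind: 'external-dtd', name: null, uri });
  }
  for (const m of xml.matchAll(ENTITY_DECL)) {
    const uri = m[3] === 'PUBLIC' ? (m[7] || '') : m[5];
    const kind = m[1] ? 'parameter-entity' : 'general-entity';
    findings.push({ kind, name: m[2], uri });
  }
  return { hasDoctype: /<!DOCTYPE/.test(xml), findings };
}

// Fail closed: reject external declarations always, and any DOCTYPE
// unless the caller explicitly needs internal DTD subsets.
function isSafeToParse(xml, { allowDoctype = false } = {}) {
  const { hasDoctype, findings } = scanForExternalEntities(xml);
  if (findings.length > 0) return false;
  return allowDoctype || !hasDoctype;
}

// Constructed sample inputs (not taken from the article).
const SAMPLES = {
  plain: '<order><id>42</id></order>',
  internal: '<!DOCTYPE note [<!ENTITY author "Alice">]><note>&author;</note>',
  external: '<!DOCTYPE d [<!ENTITY ext SYSTEM "http://example.invalid/a.txt">]><d>&ext;</d>',
  mixed: '<!DOCTYPE r SYSTEM "http://example.invalid/r.dtd" ' +
    '[<!ENTITY % p PUBLIC "-//X//Y" "http://example.invalid/p.dtd">]><r/>',
};

for (const [label, xml] of Object.entries(SAMPLES)) {
  console.log(label, isSafeToParse(xml), JSON.stringify(scanForExternalEntities(xml).findings));
}
```

Because the scan works on raw text, a declaration inside a comment or CDATA section is also flagged; for a pre-parse gate that errs toward rejection.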