How to Protect Text Input from XML External Entity (XXE) Attacks using Java

Cloudmersive
2 min read · Apr 1, 2022

A poorly configured XML parser can lead to a successful XML External Entity (XXE) attack: a document that declares an external entity can make the parser read local files or reach out to internal hosts, letting well-disguised malicious content slip through your nets. Rather than test a new XML string on your parser and hope for the best, you can check text for XXE ahead of time using our XXE detection API. The API call returns the value “true” if an XXE attack was detected, or “false” if not, as indicated in the example response model below:

{
"Successful": true,
"ContainedXxe": true
}

Setting up this API in your Java environment is easy with ready-to-run code examples from our API console page. Just follow the below instructions to install with Maven, add your API key and input string where indicated in the code documentation, and you’re good to go.

Start by adding the below reference to the repository in pom.xml:

<repositories>
<repository>
<id>jitpack.io</id>
<url>https://jitpack.io</url>
</repository>
</repositories>

Now add the below reference to the dependency in pom.xml:

<dependencies>
<dependency>
<groupId>com.github.Cloudmersive</groupId>
<artifactId>Cloudmersive.APIClient.Java</artifactId>
<version>v4.25</version>
</dependency>
</dependencies>

Last but not least, call the function:

// Import classes:
import com.cloudmersive.client.invoker.ApiClient;
import com.cloudmersive.client.invoker.ApiException;
import com.cloudmersive.client.invoker.Configuration;
import com.cloudmersive.client.invoker.auth.*;
import com.cloudmersive.client.ContentThreatDetectionApi;
import com.cloudmersive.client.model.StringXxeDetectionResult;

public class XxeCheck {
    public static void main(String[] args) {
        ApiClient defaultClient = Configuration.getDefaultApiClient();
        // Configure API key authorization: Apikey
        ApiKeyAuth Apikey = (ApiKeyAuth) defaultClient.getAuthentication("Apikey");
        Apikey.setApiKey("YOUR API KEY");
        // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null)
        //Apikey.setApiKeyPrefix("Token");
        ContentThreatDetectionApi apiInstance = new ContentThreatDetectionApi();
        String value = "value_example"; // String | User-facing text input to check for XXE.
        try {
            StringXxeDetectionResult result = apiInstance.contentThreatDetectionCheckXxe(value);
            System.out.println(result); // Successful / ContainedXxe, as in the response model above
        } catch (ApiException e) {
            System.err.println("Exception when calling ContentThreatDetectionApi#contentThreatDetectionCheckXxe");
            e.printStackTrace();
        }
    }
}
