How to Protect Text Input from XXE Attacks in Python

Cloudmersive
Apr 28, 2021

As we discussed in the previous article, XXE attacks can pose a major threat to your organization, whether by denying service to users or by obtaining sensitive data from a file. If you want to build a shield against these attacks into your system, the following API can be called from Python to detect XXE attacks in multiple text inputs in a single batch.

To use this API, we will run this command to install the SDK:

pip install cloudmersive-validate-api-client

Next, we will instantiate the API client and call the function with the following code:

from __future__ import print_function
import time
import cloudmersive_validate_api_client
from cloudmersive_validate_api_client.rest import ApiException
from pprint import pprint

# Configure API key authorization: Apikey
configuration = cloudmersive_validate_api_client.Configuration()
configuration.api_key['Apikey'] = 'YOUR_API_KEY'

# Create an instance of the API class
api_instance = cloudmersive_validate_api_client.TextInputApi(cloudmersive_validate_api_client.ApiClient(configuration))

# Batch request object; populate it with your request items before sending
request = cloudmersive_validate_api_client.XxeDetectionBatchRequest()

try:
    # Protect text input from XML External Entity (XXE) attacks
    api_response = api_instance.text_input_check_xxe_batch(request)
    pprint(api_response)
except ApiException as e:
    print("Exception when calling TextInputApi->text_input_check_xxe_batch: %s\n" % e)

To ensure accurate output, be sure to fill in your request items:

{
  "RequestItems": [
    {
      "InputText": "string",
      "AllowInternetUrls": true,
      "KnownSafeUrls": [
        "string"
      ],
      "KnownUnsafeUrls": [
        "string"
      ]
    }
  ]
}

The XXE detection status for each of your inputs will be reflected in the results! If you have questions or need your free API key, head over to the Cloudmersive website to contact our team or register for an account.
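
To make the request fields concrete, here is an added example (not Cloudmersive's code or detection logic) of a local heuristic pre-check over a batch shaped like the request above. It assumes that KnownUnsafeUrls are always flagged, that KnownSafeUrls are always allowed, and that other http(s) references are allowed only when AllowInternetUrls is true. The function names, result keys and sample inputs are constructed for illustration.

```python
import re

# DOCTYPE/ENTITY declarations that carry an external identifier
# (SYSTEM "uri" or PUBLIC "pubid" "uri"). Heuristic, not a full XML parser.
EXTERNAL_ID = re.compile(
    r"""<!(?:DOCTYPE|ENTITY)\b[^>]*?\b(?:SYSTEM|PUBLIC\s+(?:"[^"]*"|'[^']*'))"""
    r"""\s+(?:"([^"]*)"|'([^']*)')""",
    re.IGNORECASE,
)

def check_item(item):
    """Classify one RequestItems entry (field semantics are assumed)."""
    safe = set(item.get("KnownSafeUrls") or [])
    unsafe = set(item.get("KnownUnsafeUrls") or [])
    allow_internet = bool(item.get("AllowInternetUrls"))
    findings = []
    for m in EXTERNAL_ID.finditer(item.get("InputText") or ""):
        uri = m.group(1) if m.group(1) is not None else m.group(2)
        is_web = uri.lower().startswith(("http://", "https://"))
        if uri in unsafe:
            findings.append(("known_unsafe", uri))
        elif uri in safe or (is_web and allow_internet):
            continue  # explicitly trusted, or internet URLs permitted
        else:
            findings.append(("external_reference", uri))
    return {"flagged": bool(findings), "findings": findings}

def check_batch(request):
    """Return one result per request item, in order."""
    return [check_item(i) for i in request.get("RequestItems", [])]

# Constructed sample inputs (hosts and paths are placeholders)
SAMPLE_REQUEST = {"RequestItems": [
    {"InputText": "<note><to>Ops</to></note>", "AllowInternetUrls": False},
    {"InputText": '<!DOCTYPE r [<!ENTITY x SYSTEM "file:///constructed/secret.txt">]><r>&x;</r>',
     "AllowInternetUrls": True},
    {"InputText": '<!DOCTYPE r SYSTEM "https://dtd.example/ok.dtd"><r/>',
     "AllowInternetUrls": False, "KnownSafeUrls": ["https://dtd.example/ok.dtd"]},
    {"InputText": '<!DOCTYPE r SYSTEM "https://dtd.example/bad.dtd"><r/>',
     "AllowInternetUrls": True, "KnownUnsafeUrls": ["https://dtd.example/bad.dtd"]},
]}

if __name__ == "__main__":
    for result in check_batch(SAMPLE_REQUEST):
        print(result)
```

A pre-check like this complements rather than replaces configuring the XML parser itself to refuse DTDs and external entities.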
