How to Protect Your Applications from XML External Entity (XXE) Attacks using Go

If your application parses XML inputs, XXE (XML External Entity) attacks are likely a persistent concern. Thankfully, our XXE Detection API can put your mind at ease — it’ll provide a simple Boolean response identifying whether your input text string contained an XXE attack (true) or not (false).

This API is intended to be very simple & easy to use, and you can use it for free by registering a free account on our website (this will yield a hard & fast limit of 800 API calls per month). To structure your API call, just copy the code examples provided below (these are written in Go; additional examples are available through our API console page), and include your API key in the appropriate req.Header.Add field:

package main

import (
     "fmt"
     "strings"
     "net/http"
     "io/ioutil"
)

func main() {

     url := "https://api.cloudmersive.com/security/threat-detection/content/xxe/detect/xml/string"
     method := "POST"

     payload := strings.NewReader(`"<string>"`)

     client := &http.Client {
     }
     req, err := http.NewRequest(method, url, payload)

     if err != nil {
          fmt.Println(err)
          return
     }
     req.Header.Add("Content-Type", "application/json")
     req.Header.Add("Apikey", "YOUR-API-KEY-HERE")

     res, err := client.Do(req)
     if err != nil {
          fmt.Println(err)
          return
     }
     defer res.Body.Close()

     body, err := ioutil.ReadAll(res.Body)
     if err != nil {
          fmt.Println(err)
          return
     }
     fmt.Println(string(body))
}

That’s all there is to it!