How to Validate an HTML File AND Check it for SSRF Threats using Java

Invalid files can are a nuisance in your database at the best of times. When it comes to HTML files, inconvenience is the least of your concerns. These files can be a serious threat to your entire system, potentially containing SSRF (Server-Side Request Forgery) attacks which are commonly employed to circumvent firewalls and wreak havoc on the server side. Thankfully, your HTML threat profile can be improved with a simple API service. With our HTML Validation API, you can easily check the validity of incoming HTML files before storing them in your database, and find out whether or not a SSRF attack was present. In the below demonstration, we’ll walk through how to easily leverage two iterations of this API and structure our call using ready-to-run code snippets in Java.

To begin, we will install the Java SDK. Include a reference in the pom.xml repository:

<repositories>
<repository>
<id>jitpack.io</id>
<url>https://jitpack.io</url>
</repository>
</repositories>

Then include a reference in the dependency:

<dependencies>
<dependency>
<groupId>com.github.Cloudmersive</groupId>
<artifactId>Cloudmersive.APIClient.Java</artifactId>
<version>v4.25</version>
</dependency>
</dependencies>

With installation complete, let’s move on to the API call. This first code block will fully validate your HTML file without checking for SSRF attacks, providing information on whether or not the file was password-protected, contained errors/warnings, and more:

ApiClient defaultClient = Configuration.getDefaultApiClient();// Configure API key authorization: Apikey
ApiKeyAuth Apikey = (ApiKeyAuth) defaultClient.getAuthentication("Apikey");
Apikey.setApiKey("YOUR API KEY");
// Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null)
//Apikey.setApiKeyPrefix("Token");
ValidateDocumentApi apiInstance = new ValidateDocumentApi();
File inputFile = new File("/path/to/inputfile"); // File | Input file to perform the operation on.
try {
DocumentValidationResult result = apiInstance.validateDocumentHtmlValidation(inputFile);
System.out.println(result);
} catch (ApiException e) {
System.err.println("Exception when calling ValidateDocumentApi#validateDocumentHtmlValidation");
e.printStackTrace();
}

The following code block will instead provide Booleans determining if the file is valid & if a threat is present. If an SSRF threat is detected, two threat links will be provided as strings in your API response, providing the Link URL and determining the Threat Level:

// Import classes:
//import com.cloudmersive.client.invoker.ApiClient;
//import com.cloudmersive.client.invoker.ApiException;
//import com.cloudmersive.client.invoker.Configuration;
//import com.cloudmersive.client.invoker.auth.*;
//import com.cloudmersive.client.ValidateDocumentApi;
ApiClient defaultClient = Configuration.getDefaultApiClient();// Configure API key authorization: Apikey
ApiKeyAuth Apikey = (ApiKeyAuth) defaultClient.getAuthentication("Apikey");
Apikey.setApiKey("YOUR API KEY");
// Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null)
//Apikey.setApiKeyPrefix("Token");
ValidateDocumentApi apiInstance = new ValidateDocumentApi();
File inputFile = new File("/path/to/inputfile"); // File | Input file to perform the operation on.
try {
HtmlSsrfThreatCheckResult result = apiInstance.validateDocumentHtmlSsrfValidation(inputFile);
System.out.println(result);
} catch (ApiException e) {
System.err.println("Exception when calling ValidateDocumentApi#validateDocumentHtmlSsrfValidation");
e.printStackTrace();
}

Both API iterations will require your input file and Cloudmersive API key as parameters. To get an API key, visit our website and register a free account.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Cloudmersive

Cloudmersive

There’s an API for that. Cloudmersive is a leader in Highly Scalable Cloud APIs.