
Need

To prevent potential data exfiltration or remote command execution via XML input.

Context

• Usage of Elixir for building scalable and fault-tolerant applications

• Usage of sweet_xml for parsing and manipulating XML data

• Vulnerability: XML input parsing without proper sanitization

Description

1. Non-compliant code

defmodule VulnerableApp do
  # Brings the ~x sigil into scope; the original snippet omitted this import.
  import SweetXml

  def parse(xml) do
    xml
    # Default parse: the underlying xmerl scanner processes any DTD in the input.
    |> SweetXml.parse()
    |> SweetXml.xpath(~x"//data")
  end
end

This code accepts and parses XML input with SweetXml's default settings, without validating or sanitizing the input first. Because the default parser processes DTDs, an attacker who controls the input can supply XML External Entity (XXE) declarations that the parser resolves, which is the path to the data exfiltration or command execution described under Need.

2. Steps

• Use a secure XML parser that is configured to reject DTDs (Document Type Definitions).

• Sanitize and validate all XML input to ensure it does not contain any unexpected or malicious data.

3. Secure code example

defmodule SecureApp do
  import SweetXml

  def parse(xml) do
    xml
    |> sanitize_input()
    # dtd: :none tells SweetXml to refuse DTD processing, closing the XXE vector.
    |> SweetXml.parse(dtd: :none)
    |> SweetXml.xpath(~x"//data")
  end

  # The sanitization body is elided on the original page; it is expected to
  # reject or strip unexpected content before the document reaches the parser.
  defp sanitize_input(xml) do
    # ... validation and sanitization steps go here ...
    xml
  end
end

This code validates and sanitizes the XML input before parsing it and configures the parser to reject DTDs, mitigating the risk of XXE-based XML injection attacks.
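The following is an added example, not code from the original page, that implements both steps above in one module: a validation pass that rejects oversized input and any DOCTYPE or ENTITY declaration, followed by a parse with sweet_xml's `dtd: :none` option as defense in depth. It assumes a sweet_xml version that supports the `dtd:` parse option and that a rejected DTD surfaces as a raised exception or an xmerl exit; the `@max_bytes` limit and the `<data>` element name are assumptions.

```elixir
# Added example (not part of the original page): hardened sweet_xml wrapper.
defmodule SecureXml do
  import SweetXml

  # Assumed size cap; tune to what the application actually needs to accept.
  @max_bytes 1_000_000

  # Returns {:ok, values} with the text of every <data> element,
  # or {:error, reason} for input that must not be parsed.
  def parse_data(xml) when is_binary(xml) do
    with :ok <- validate(xml),
         {:ok, doc} <- safe_parse(xml) do
      {:ok, xpath(doc, ~x"//data/text()"ls)}
    end
  end

  # Validation step: nothing in this application legitimately needs a DTD, so
  # any DOCTYPE or ENTITY declaration is refused before the parser sees it.
  # XML keywords are case-sensitive, so the uppercase match is sufficient.
  defp validate(xml) do
    cond do
      byte_size(xml) > @max_bytes ->
        {:error, :too_large}

      String.contains?(xml, ["<!DOCTYPE", "<!ENTITY"]) ->
        {:error, :dtd_not_allowed}

      true ->
        :ok
    end
  end

  # Defense in depth: dtd: :none makes sweet_xml refuse DTD processing even if
  # the pre-check were bypassed; quiet: true suppresses xmerl's error logging.
  # A rejected DTD raises, and malformed XML makes xmerl exit, so both are
  # converted into an error tuple instead of crashing the caller.
  defp safe_parse(xml) do
    {:ok, SweetXml.parse(xml, dtd: :none, quiet: true)}
  rescue
    e -> {:error, {:rejected, Exception.message(e)}}
  catch
    :exit, reason -> {:error, {:parse_failed, reason}}
  end
end
```

A well-formed document such as `<root><data>ok</data></root>` yields `{:ok, ["ok"]}`, while input carrying a `<!DOCTYPE` declaration is rejected by `validate/1` before any parsing happens.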