C Sharp Schema By Url
Description
Detects potential XML External Entity (XXE) vulnerabilities in C# code where XML schemas are loaded from URLs using XmlSchemaCollection.Add(). Loading XML schemas from untrusted URLs can lead to XXE attacks if the schema contains malicious external entity references.
Detection Strategy
• Identifies usage of XmlSchemaCollection objects in the code
• Looks for .Add() method calls on XmlSchemaCollection instances
• Verifies that all arguments to the Add() method are hardcoded string literals
• Reports a vulnerability when an XmlSchemaCollection.Add() call is found with literal URL arguments, as these could potentially reference malicious schemas
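The following scanner implements the four detection steps listed above. It is an added example, not Fluid Attacks' own analyzer code: it records XmlSchemaCollection declarations, finds .Add() calls on those variables, splits the argument list on top-level commas, and reports only calls whose arguments are all string literals (a call passing a variable is left alone, as the strategy describes). The C# source it scans is constructed for the example; the line-based regex approach does not handle calls spanning several lines or char literals containing a double quote.

```python
import re
from dataclasses import dataclass

# Constructed C# sample (not from the page): one Add() with two string literals
# (should be reported), one Add() whose second argument is a variable (not
# reported by this rule), and an Add() on an unrelated collection type (ignored).
SAMPLE_CS = '''\
using System.Xml.Schema;
class XmlExample {
    public void LoadSchema(string path) {
        XmlSchemaCollection xsc = new XmlSchemaCollection();
        xsc.Add("urn:schema", "external.xsd");
        xsc.Add("urn:schema", path);
        var list = new List<string>();
        list.Add("not, a schema");
    }
}
'''


@dataclass
class Finding:
    line: int
    variable: str
    args: list


# Step 1: a local declared with the XmlSchemaCollection type, e.g. "XmlSchemaCollection xsc ="
DECL_RE = re.compile(r'\bXmlSchemaCollection\s+(\w+)\s*=')
# Step 2: a ".Add(...)" call on some identifier; group 2 is the raw argument text
CALL_RE = re.compile(r'\b(\w+)\.Add\s*\((.*)\)\s*;')
# Step 3: a C# string literal (regular or verbatim) and nothing else
STRING_LITERAL_RE = re.compile(r'^@?"(?:[^"\\]|\\.)*"$')


def split_args(arg_text: str) -> list:
    """Split a C# argument list on top-level commas.

    Commas inside string literals or nested parentheses do not split, so
    Add("a, b", Helper(1, 2)) yields two arguments, not four.
    """
    args, cur, depth, in_str = [], [], 0, False
    i = 0
    while i < len(arg_text):
        ch = arg_text[i]
        if in_str:
            cur.append(ch)
            if ch == '\\' and i + 1 < len(arg_text):   # keep escaped char with its backslash
                cur.append(arg_text[i + 1])
                i += 1
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
            cur.append(ch)
        elif ch == '(':
            depth += 1
            cur.append(ch)
        elif ch == ')':
            depth -= 1
            cur.append(ch)
        elif ch == ',' and depth == 0:
            args.append(''.join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    if cur:
        args.append(''.join(cur).strip())
    return [a for a in args if a]


def find_schema_by_url(source: str) -> list:
    """Return one Finding per XmlSchemaCollection.Add() call whose arguments are all string literals."""
    collections = set()
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        decl = DECL_RE.search(line)
        if decl:
            collections.add(decl.group(1))          # step 1
        call = CALL_RE.search(line)
        if call and call.group(1) in collections:   # step 2: Add() on a known collection
            args = split_args(call.group(2))
            if args and all(STRING_LITERAL_RE.match(a) for a in args):   # step 3
                findings.append(Finding(lineno, call.group(1), args))     # step 4
    return findings


if __name__ == "__main__":
    for f in find_schema_by_url(SAMPLE_CS):
        print(f"line {f.line}: {f.variable}.Add({', '.join(f.args)}) loads a schema from a hardcoded URL")
```

Running the script on the constructed sample reports only line 5; the call passing `path` is skipped because the rule, as described, only fires when every argument is a literal.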
Vulnerable code example

    using System;
    using System.Xml.Schema;

    class XmlExample {
        public void LoadSchema() {
            XmlSchemaCollection xsc = new XmlSchemaCollection();
            xsc.Add("urn:schema", "external.xsd"); // Vulnerable: Loads external schema without restrictions
        }
    }

✅ Secure code example
    using System;
    using System.Xml.Schema;
    using System.Xml;

    class XmlExample {
        public void LoadSchema() {
            XmlSchemaCollection xsc = new XmlSchemaCollection();
            ...