XML injection (XXE)
Need
To prevent potential data exfiltration or remote command execution via XML input.
Context
- Usage of Elixir for building scalable and fault-tolerant applications
- Usage of sweet_xml for parsing and manipulating XML data
- Vulnerability: XML input parsing without proper sanitization
Description
Non-compliant code
defmodule VulnerableApp do
  import SweetXml

  # Untrusted XML goes straight to the parser with its default settings,
  # so any DTD and entity declarations the input carries are processed.
  def parse(xml) do
    xml
    |> SweetXml.parse()
    |> SweetXml.xpath(~x"//data")
  end
end
This code accepts and parses XML input with the SweetXml library without validating or sanitizing the input. Because the parser is left at its defaults, a DTD embedded in the input can declare entities that the parser expands during parsing, which is the mechanism behind XML external entity (XXE) attacks. As a result, an attacker could inject malicious XML data.
Steps
- Use a secure XML parser that is configured to reject DTDs (Document Type Definitions).
- Sanitize and validate all XML input to ensure it does not contain any unexpected or malicious data.
Compliant code
defmodule SecureApp do
  import SweetXml

  def parse(xml) do
    xml
    |> sanitize_input()
    |> SweetXml.parse()
    |> SweetXml.xpath(~x"//data")
  end

  # Reject any document that carries a DTD or an entity declaration; a
  # document that only needs to convey <data> elements has no legitimate
  # use for either.
  defp sanitize_input(xml) do
    if String.contains?(xml, ["<!DOCTYPE", "<!ENTITY"]) do
      raise ArgumentError, "DTD and entity declarations are not allowed"
    end

    xml
  end
end
This code checks the XML input before parsing it and rejects any document that contains a DTD or entity declaration, which removes the entity-expansion vector and mitigates the risk of XML injection attacks.
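The two steps listed above (reject DTDs, validate the input) carried through as a complete module, as an added example that is not code from the original page or from the sweet_xml project. It assumes sweet_xml is a dependency of the application and that the `dtd:` option of `SweetXml.parse/2`, used here as a second layer of defence, is available in the version in use; the pre-parse check does not depend on that option. The sample inputs in `demo/0` are constructed for the example.

```elixir
# Added example, not code from the original page or from the sweet_xml project.
# Assumptions: sweet_xml is a dependency of the application, and the `dtd:`
# option of SweetXml.parse/2 (used as a second layer below) is available in
# the version in use; the pre-parse check does not depend on it.
defmodule SafeXml do
  import SweetXml

  # Upper bound on accepted input; oversized documents are refused before
  # they reach the parser at all.
  @max_bytes 64 * 1024

  # A document that only needs to carry <data> elements has no legitimate use
  # for a DTD or an entity declaration, so any occurrence is refused outright.
  # XML keywords are case-sensitive, so these uppercase forms are the only
  # valid spellings a parser would honour.
  @dtd_markers ["<!DOCTYPE", "<!ENTITY"]

  @doc """
  Extracts the text of every <data> element.
  Returns {:ok, [String.t()]} or {:error, reason}; never raises on bad input.
  """
  def extract_data(xml) when is_binary(xml) do
    with :ok <- check_size(xml),
         :ok <- reject_dtd(xml),
         {:ok, doc} <- safe_parse(xml) do
      {:ok, xpath(doc, ~x"//data/text()"ls)}
    end
  end

  defp check_size(xml) when byte_size(xml) > @max_bytes, do: {:error, :too_large}
  defp check_size(_xml), do: :ok

  defp reject_dtd(xml) do
    if String.contains?(xml, @dtd_markers), do: {:error, :dtd_not_allowed}, else: :ok
  end

  # xmerl (which SweetXml wraps) reports malformed input by exiting the
  # calling process rather than raising, so both failure paths are turned
  # into an error tuple here instead of crashing the caller.
  defp safe_parse(xml) do
    # Second layer: ask the parser itself not to process DTDs (assumed option).
    {:ok, parse(xml, dtd: :none)}
  rescue
    e -> {:error, {:parse_failed, Exception.message(e)}}
  catch
    :exit, reason -> {:error, {:parse_failed, reason}}
  end

  # Constructed sample inputs (not captured from any real system): a clean
  # document, one carrying an internal DTD with a harmless entity, and a
  # malformed one with a mismatched end tag.
  def demo do
    clean = ~S(<root><data>alpha</data><data>beta</data></root>)
    with_dtd = ~S(<!DOCTYPE root [<!ENTITY greeting "hello">]><root><data>&greeting;</data></root>)
    malformed = ~S(<root><data>unterminated</root>)

    Enum.map([clean, with_dtd, malformed], &extract_data/1)
  end
end
```

Calling `SafeXml.demo/0` from `iex -S mix` exercises the three paths: the clean document yields the list of `<data>` texts, the document with the DTD is refused by `reject_dtd/1` before the parser ever sees it, and the malformed document is reported as a parse failure rather than crashing the process. The size check and the DTD check run on the raw string, so they cost nothing when the input is clean and cannot be bypassed by anything the parser would do later.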