XML injection (XXE) - Elixir

Need

To prevent data exfiltration (local file disclosure), server-side request forgery or denial of service through hostile XML input.

Context

  • Usage of Elixir for building scalable and fault-tolerant applications
  • Usage of sweet_xml for parsing and manipulating XML data
  • Vulnerability: XML parsed with DTD processing and external entity resolution left at their defaults

Description

Non-compliant code

        defmodule VulnerableApp do
          import SweetXml

          # SweetXml delegates to Erlang's :xmerl_scan with its defaults: the
          # DTD is processed and external entities are fetched, so a SYSTEM
          # entity that points at a local file is expanded into the document.
          def parse(xml) do
            xml
            |> SweetXml.parse()
            |> xpath(~x"//data/text()"s)
          end
        end


This code hands untrusted input to SweetXml.parse/1 with its default options. SweetXml wraps Erlang's :xmerl, which processes the DTD and resolves external entities, so a document that declares an entity such as <!ENTITY xxe SYSTEM "file:///etc/passwd"> has the file's contents substituted into the parsed tree, and a document with nested internal entities can be expanded into a denial-of-service payload.

Steps

  • Parse with DTDs rejected: SweetXml.parse(xml, dtd: :none) makes the parser refuse any document that carries a DOCTYPE, which blocks both external entities and entity expansion.
  • Validate the input before and after parsing: enforce a size limit, reject documents that declare a DOCTYPE as defence in depth, and check that the parsed result has the elements and value shapes the application expects.

Compliant code

        defmodule SecureApp do
          import SweetXml

          def parse(xml) do
            with :ok <- sanitize_input(xml) do
              # dtd: :none makes SweetXml refuse any document that carries a
              # DTD, so neither external entities nor entity expansion occur.
              doc = SweetXml.parse(xml, dtd: :none)
              {:ok, xpath(doc, ~x"//data/text()"s)}
            end
          end

          # Defence in depth: reject a DOCTYPE before the parser sees it.
          # The parser option above is the control that actually matters.
          defp sanitize_input(xml) do
            if Regex.match?(~r/<!DOCTYPE/i, xml),
              do: {:error, :dtd_not_allowed},
              else: :ok
          end
        end


This code rejects any input that declares a DOCTYPE before parsing and passes dtd: :none to SweetXml.parse/2, so the underlying xmerl scanner refuses DTDs outright. Without a DTD there is nowhere to define an external entity or a chain of expanding internal entities, which removes the XXE and entity-expansion vectors.
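The following is an added, runnable demonstration, not code from the original page. It puts the vulnerable and the hardened parser side by side and drives both with constructed inputs: a benign document, an external-entity payload that reads a file the script itself writes to the temp directory (standing in for a credential file on the server), and a small entity-expansion payload. It assumes Elixir 1.12+ for Mix.install, sweet_xml 0.7 or later for the dtd: option, a Unix-style temp path, and xmerl's default entity fetching, which is the behaviour the page describes. The size limit is an assumed value.

```elixir
# Run with: elixir xxe_demo.exs
# Mix.install fetches sweet_xml once; everything else runs offline.
Mix.install([{:sweet_xml, "~> 0.7"}])

defmodule XxeDemo do
  import SweetXml

  # Assumed limit; tune to the largest document the application expects.
  @max_bytes 1_000_000

  # Vulnerable shape from the page: xmerl defaults, DTDs processed,
  # external entities fetched, internal entities expanded.
  def vulnerable_parse(xml) do
    xml
    |> SweetXml.parse()
    |> xpath(~x"//data/text()"ls)
    |> Enum.join()
  end

  # Hardened shape: size limit first, then `dtd: :none`, which makes
  # SweetXml refuse any DTD. xmerl reports failures as raises or exits,
  # so both are converted into an error tuple for the caller.
  def hardened_parse(xml) when byte_size(xml) > @max_bytes, do: {:error, :too_large}

  def hardened_parse(xml) do
    try do
      doc = SweetXml.parse(xml, dtd: :none)
      {:ok, doc |> xpath(~x"//data/text()"ls) |> Enum.join()}
    rescue
      e -> {:error, Exception.message(e)}
    catch
      kind, reason -> {:error, {kind, reason}}
    end
  end

  def run do
    # Constructed inputs. The secret file stands in for a credential or
    # config file an attacker would target on the server.
    secret_path = Path.join(System.tmp_dir!(), "xxe_demo_secret.txt")
    File.write!(secret_path, "db_password=hunter2")

    benign = ~s(<?xml version="1.0"?><data>hello</data>)

    # External entity: the parser fetches the file and substitutes it.
    xxe = """
    <?xml version="1.0"?>
    <!DOCTYPE data [
      <!ENTITY xxe SYSTEM "file://#{secret_path}">
    ]>
    <data>&xxe;</data>
    """

    # Entity expansion kept deliberately small (10 x 10 x 10 copies of "lol")
    # so the vulnerable parser finishes; a real payload uses far more levels.
    expansion = """
    <?xml version="1.0"?>
    <!DOCTYPE data [
      <!ENTITY lol "lol">
      <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
      <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
      <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
    ]>
    <data>&lol3;</data>
    """

    IO.puts("vulnerable, benign:    " <> inspect(vulnerable_parse(benign)))
    IO.puts("vulnerable, xxe:       " <> inspect(vulnerable_parse(xxe)))
    IO.puts("vulnerable, expansion: #{byte_size(vulnerable_parse(expansion))} bytes from #{byte_size(expansion)} bytes of input")
    IO.puts("hardened, benign:      " <> inspect(hardened_parse(benign)))
    IO.puts("hardened, xxe:         " <> inspect(hardened_parse(xxe)))
    IO.puts("hardened, expansion:   " <> inspect(hardened_parse(expansion)))

    File.rm(secret_path)
  end
end

XxeDemo.run()
```

The vulnerable parser returns the contents of the secret file for the XXE payload and a result three orders of magnitude larger than its input for the expansion payload; the hardened parser returns the benign value and an error tuple for both hostile documents. Failing closed on any DTD is the right default for application input: documents that legitimately need a DTD are rare, and when one is required, sweet_xml's dtd: [only: [...]] form allows named entities without reopening external fetching.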
