Any server that receives online data is subject to attack, whether malicious or unintentional. Some attacks take advantage of the flexibility of XML by constructing invalid documents that compromise back-end systems. Corrupt or extremely complex XML documents can cause servers to allocate more memory than is available, tying up CPU and memory resources, crashing parsers, and generally disabling message processing, which amounts to an application-level denial-of-service attack.

The API Platform enables you to enforce XMLThreatProtection policies that address XML vulnerabilities and minimize attacks on your API.

You can screen against XML threats using the following approaches:

  • Validate messages against an XML schema (.xsd)
  • Evaluate message content for specific black-listed keywords or patterns
  • Detect corrupt or malformed messages before those messages are parsed

The XMLThreatProtection policy can detect XML payload attacks based on configured limits.

Note: All limits are optional. If a limit is not specified, the system applies a default value of -1 (any negative value means no limit).

Configuring the XMLThreatProtection policy

Configure the Threat Protection policy using the following elements.

Source
    The request that needs to be validated for XML payload attacks.

StructuralLimits (Optional)

    NodeDepth
        Specifies the maximum node depth allowed in the XML.
        Valid value: Integer

    AttributeCountPerElement
        Specifies the maximum number of attributes allowed in an element.
        Valid value: Integer
        Example:
            <e1 attr1="val1" attr2="val2">
                <e2 xmlns="http://apigee.com" xmlns:yahoo="http://yahoo.com" one="1" yahoo:two="2"/>
            </e1>
        Here <e1> has 2 attributes and <e2> also has 2 attributes. Note that attributes used for defining namespaces are not counted.

    NamespaceCountPerElement
        Specifies the maximum number of namespace definitions allowed in an element.
        Valid value: Integer
        Example:
            <e1 attr1="val1" attr2="val2">
                <e2 xmlns="http://apigee.com" xmlns:yahoo="http://yahoo.com" one="1" yahoo:two="2"/>
            </e1>
        Here <e1> has 0 namespace definitions and <e2> has 2 namespace definitions. Only the attributes that define namespaces are counted; ordinary attributes are not.

    ChildCount
        Specifies the maximum number of children allowed in an element.
        Valid value: Integer

ValueLimits (Optional)

    Text
        Specifies the maximum number of characters allowed in a text value.
        Valid value: Integer
        Example:
            <a>this is text</a>
        The text value this is text is checked against the specified limit.

    Attribute
        Specifies the maximum number of characters allowed in an attribute value.
        Valid value: Integer
        Example:
            <ns1:myelem xmlns:ns1="http://ns1.com" ns1:attr1="val1"/>
        The attribute value val1 is checked against the specified limit.

    Namespace
        Specifies the maximum number of characters allowed in a namespace value.
        Valid value: Integer
        Example:
            <ns1:myelem xmlns:ns1="http://ns1.com"/>
        The namespace value http://ns1.com is checked against the specified limit.

    Comment
        Specifies the maximum number of characters allowed in a comment.
        Valid value: Integer

    ProcessingInstructionData
        Specifies the maximum number of characters allowed in the data of a processing instruction.
        Valid value: Integer
        Example:
            <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
        The processing instruction data version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" is checked against the specified limit.

NameLimits (Optional)

    Element
        Specifies the maximum number of characters allowed in an element name.
        Valid value: Integer
        Example:
            <ns1:myelem xmlns:ns1="http://ns1.com"/>
        The element name myelem is checked against the specified limit.

    Attribute
        Specifies the maximum number of characters allowed in an attribute name.
        Valid value: Integer
        Example:
            <ns1:myelem xmlns:ns1="http://ns1.com" ns1:attr1="val1"/>
        The attribute name attr1 is checked against the specified limit.

    Prefix
        Specifies the maximum number of characters allowed in a namespace prefix.
        Valid value: Integer
        Example:
            <ns1:myelem xmlns:ns1="http://ns1.com"/>
        The prefix ns1 is checked against the specified limit.

    ProcessingInstructionTarget
        Specifies the maximum number of characters allowed in the target of a processing instruction.
        Valid value: Integer
        Example:
            <xsl:stylesheet version="1.0"
                      xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
        The processing instruction target xsl:stylesheet is checked against the specified limit.

Policy schema

Each policy must conform to a policy schema. All policy constructs such as elements and attributes mentioned above are defined in a schema. To download the schema, click here.

Example - XMLThreatProtection policy

<XMLThreatProtection name="mypolicy">
    <Source>request</Source>
    <StructuralLimits>
        <NodeDepth>5</NodeDepth>
        <AttributeCountPerElement>3</AttributeCountPerElement>
        <NamespaceCountPerElement>2</NamespaceCountPerElement>
        <ChildCount includeText="true"
                    includeComment="true"
                    includeProcessingInstruction="true"
                    includeElement="true">3</ChildCount>
    </StructuralLimits>
    <ValueLimits>
        <Text>15</Text>
        <Attribute>10</Attribute>
        <Namespace>10</Namespace>
        <Comment>10</Comment>
        <ProcessingInstructionData>10</ProcessingInstructionData>
    </ValueLimits>
    <NameLimits>
        <Element>10</Element>
        <Attribute>10</Attribute>
        <Prefix>10</Prefix>
        <ProcessingInstructionTarget>10</ProcessingInstructionTarget>
    </NameLimits>
</XMLThreatProtection>
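To show what the structural, value and name limits above actually measure, here is an added example (not Apigee's code) that enforces a subset of them with a streaming parser, so a document is rejected before any tree is built. The function names and the -1 "no limit" convention follow the policy; ChildCount here counts child elements only, and the root element is taken as depth 1, both assumptions of this example.

```python
import xml.parsers.expat
# Sample input: the <e1>/<e2> document from the table above.
SAMPLE = ('<e1 attr1="val1" attr2="val2"><e2 xmlns="http://apigee.com" '
          'xmlns:yahoo="http://yahoo.com" one="1" yahoo:two="2"/></e1>')

class XmlLimitExceeded(Exception):
    """Raised on the first limit the document violates."""

def check_xml_limits(doc, node_depth=-1, attr_count=-1, ns_count=-1,
                     child_count=-1, text_len=-1, element_name_len=-1):
    """Stream `doc` through expat, enforcing the limits before any DOM is built.
    Negative limits mean 'no limit'. Returns the largest observed value per limit."""
    limits = {"NodeDepth": node_depth, "AttributeCountPerElement": attr_count,
              "NamespaceCountPerElement": ns_count, "ChildCount": child_count,
              "Text": text_len, "Element": element_name_len}
    seen = dict.fromkeys(limits, 0)
    depth = [0]     # current nesting depth; the root element is depth 1
    children = []   # child-element counter for each currently open element
    def record(key, value):
        seen[key] = max(seen[key], value)
        if 0 <= limits[key] < value:
            raise XmlLimitExceeded(f"{key} {value} exceeds limit {limits[key]}")

    def start(name, attrs):
        if children:                 # this element is a child of the open one
            children[-1] += 1
            record("ChildCount", children[-1])
        depth[0] += 1
        record("NodeDepth", depth[0])
        # xmlns / xmlns:prefix declarations are namespaces, not attributes
        ns_decls = [a for a in attrs if a == "xmlns" or a.startswith("xmlns:")]
        record("NamespaceCountPerElement", len(ns_decls))
        record("AttributeCountPerElement", len(attrs) - len(ns_decls))
        record("Element", len(name.split(":", 1)[-1]))  # local name, no prefix
        children.append(0)

    def end(name):
        depth[0] -= 1
        children.pop()

    def text(data):
        if data.strip():             # whitespace between elements is not a value
            record("Text", len(data))
    parser = xml.parsers.expat.ParserCreate()
    parser.buffer_text = True        # hand contiguous text to text() in one call
    parser.StartElementHandler, parser.EndElementHandler = start, end
    parser.CharacterDataHandler = text
    parser.Parse(doc, True)          # malformed XML raises ExpatError here
    return seen
```

Running the sample against the limits of the example policy passes; lowering NamespaceCountPerElement to 1 or nesting six elements under NodeDepth 5 rejects the document.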