Syvizo API Management Platform
Handle XML Threat
When to use
Use this policy when you have an API that accepts XML and you want to ensure that the XML contents are safe to process.
Details
Every server that handles online data is vulnerable to attacks, whether they are intentional acts of malice or unintended consequences. Certain attacks exploit the flexible nature of XML by constructing invalid documents that can put back-end systems at risk. Corrupted or excessively complex XML documents have the potential to exhaust server resources by consuming more memory than is available. This can lead to CPU and memory resource constraints, parser crashes, and overall disruption of message processing. In effect, these attacks can result in application-level denial-of-service scenarios, rendering the system inaccessible or significantly impairing its functionality.
You can handle these risks by adding this policy to the endpoints that process XML content.
Configuration
The configuration fields for the policy are:
[* Indicates a mandatory field]
Name *: Display name of the policy
Description: Description of policy
Enabled: Flag to indicate if the policy is enabled. If this field is not checked, the policy will be ignored at runtime, and any fields in its output will contain their default initial value
Continue on Error: Flag to indicate that the flow should continue even if this policy throws an error
Element Name Length: Maximum allowed string length of element names in the XML
Attribute Name Length: Maximum allowed string length of attribute names in the XML
Namespace Prefix Length: Maximum allowed string length of namespace prefixes in the XML
Node Depth: Maximum allowed node depth, that is, the number of levels of nesting of XML elements
Attribute Count Per Element: Maximum number of attributes allowed on a single element
Namespace Count Per Element: Maximum number of namespace declarations allowed on a single element
Child Count Per Element: Maximum number of children allowed for an element. Children include the elements, text nodes, processing instructions and comments directly under the element
Text Value Length: Maximum allowed string length of the value of a text node
Attribute Value Length: Maximum allowed string length of an attribute value
Namespace URI Length: Maximum allowed string length of a namespace URI
Comment Length: Maximum allowed string length of a comment
Processing Instruction Length: Maximum allowed string length of a processing instruction
Input fields
source: XML that needs to be evaluated for threats
Output fields
result: true if the XML passes all threat checks, otherwise false
message: Describes the threat that was found; an empty string if no threat was found
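The following is an added example, written for this page and not the Syvizo platform's own implementation, of how a policy with the configuration fields and the source/result/message contract described above can be enforced with a streaming parser. It uses Python's expat bindings so that each limit is checked as the document is read, before a malformed or oversized structure is fully materialised in memory. The default limit values, the message wording and the handling of the processing-instruction length (target plus data) are assumptions made for the example; the sample documents in the test are constructed.

```python
from __future__ import annotations

from dataclasses import dataclass
from xml.parsers import expat


@dataclass
class XmlThreatLimits:
    """Mirrors the policy's configuration fields. Values are example defaults."""
    element_name_length: int = 64
    attribute_name_length: int = 64
    namespace_prefix_length: int = 16
    node_depth: int = 32
    attribute_count_per_element: int = 16
    namespace_count_per_element: int = 8
    child_count_per_element: int = 256
    text_value_length: int = 4096
    attribute_value_length: int = 1024
    namespace_uri_length: int = 256
    comment_length: int = 1024
    processing_instruction_length: int = 1024


class XmlThreat(Exception):
    """Raised from a parser callback as soon as one limit is exceeded."""


def handle_xml_threat(source: str, limits: XmlThreatLimits | None = None) -> tuple[bool, str]:
    """Return (result, message): result is True when every limit holds,
    otherwise False with a message describing the first threat found."""
    limits = limits or XmlThreatLimits()
    child_counts: list[int] = []  # one child counter per currently open element

    def check(value: int, limit: int, what: str) -> None:
        if value > limit:
            raise XmlThreat(f"{what} {value} exceeds limit {limit}")

    def count_child() -> None:
        if child_counts:  # nodes outside the root element have no parent element
            child_counts[-1] += 1
            check(child_counts[-1], limits.child_count_per_element, "child count per element")

    def split_name(qname: str) -> tuple[str, str]:
        prefix, _, local = qname.rpartition(":")
        return prefix, local

    def start_element(name: str, attrs: dict[str, str]) -> None:
        count_child()
        child_counts.append(0)
        check(len(child_counts), limits.node_depth, "node depth")
        prefix, local = split_name(name)
        check(len(local), limits.element_name_length, "element name length")
        check(len(prefix), limits.namespace_prefix_length, "namespace prefix length")
        ns_count = attr_count = 0
        for qname, value in attrs.items():
            if qname == "xmlns" or qname.startswith("xmlns:"):
                ns_count += 1  # namespace declaration, counted separately from attributes
                check(ns_count, limits.namespace_count_per_element, "namespace count per element")
                check(len(qname[6:]), limits.namespace_prefix_length, "namespace prefix length")
                check(len(value), limits.namespace_uri_length, "namespace URI length")
            else:
                attr_count += 1
                check(attr_count, limits.attribute_count_per_element, "attribute count per element")
                a_prefix, a_local = split_name(qname)
                check(len(a_local), limits.attribute_name_length, "attribute name length")
                check(len(a_prefix), limits.namespace_prefix_length, "namespace prefix length")
                check(len(value), limits.attribute_value_length, "attribute value length")

    def end_element(name: str) -> None:
        child_counts.pop()

    def character_data(data: str) -> None:
        count_child()
        check(len(data), limits.text_value_length, "text value length")

    def comment(data: str) -> None:
        count_child()
        check(len(data), limits.comment_length, "comment length")

    def processing_instruction(target: str, data: str) -> None:
        count_child()
        # Assumption for this example: PI length covers "target data" as written.
        check(len(target) + 1 + len(data), limits.processing_instruction_length,
              "processing instruction length")

    parser = expat.ParserCreate()  # no namespace expansion, so prefixes stay visible
    parser.buffer_text = True  # deliver each text node in a single callback
    parser.StartElementHandler = start_element
    parser.EndElementHandler = end_element
    parser.CharacterDataHandler = character_data
    parser.CommentHandler = comment
    parser.ProcessingInstructionHandler = processing_instruction
    try:
        parser.Parse(source, True)
    except XmlThreat as threat:
        return False, str(threat)
    except expat.ExpatError as err:  # not well-formed: reject rather than guess
        return False, f"malformed XML: {err}"
    return True, ""
```

Because every check runs inside a parser callback, parsing stops at the first violation, so a document nested forty levels deep is rejected at level thirty-three without the remainder ever being read. A policy of this kind would typically be placed in the flow before any step that hands the body to a DOM-style parser, which is where the resource exhaustion described above would otherwise occur.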