AC-10815 - API Input validation

Author: sreenia806

lib/internal/Magento/Framework/Webapi/ServiceInputProcessor.php

@@ -247,6 +247,10 @@ private function getConstructorData(string $className, array $data): array
                 $parameterType = $this->typeProcessor->getParamType($parameter);
 
                 try {
+                    if (strtolower($parameter->getName()) === "sourcedata" && $parameterType === "\Magento\Framework\Simplexml\Element") {
+                        throw new InputException(new Phrase('Request method is invalid.'));
+                    }
+
                     $res[$parameter->getName()] = $this->convertValue($data[$parameter->getName()], $parameterType);
                 } catch (\ReflectionException $e) {
                     // Parameter was not correclty declared or the class is uknown.