nyx/tests/fixtures/xpath_injection/ruby/baseline_constant_xpath.rb

mirror of https://github.com/elicpeter/nyx.git synced 2026-06-09 19:45:13 +02:00
# Baseline: expression is a compile-time constant.  No taint reaches
# `doc.xpath` so no XPATH_INJECTION finding fires.
require 'nokogiri'

def lookup
  doc = Nokogiri::XML(File.read("users.xml"))
  doc.xpath("//user[@role='admin']")
end
new capacity bits (#67) 2026-05-07 01:29:31 -04:00			`# Baseline: expression is a compile-time constant. No taint reaches`
			# `doc.xpath` so no XPATH_INJECTION finding fires.
			`require 'nokogiri'`

			`def lookup`
			`doc = Nokogiri::XML(File.read("users.xml"))`
			`doc.xpath("//user[@role='admin']")`
			`end`