mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
9 lines
244 B
Python
9 lines
244 B
Python
|
# Baseline: tainted body flows through a non-parser string operation.
|
||
|
|
# No XML parser entry point, no XXE label classification.
|
||
|
|
from flask import request
|
||
|
|
|
||
|
|
|
||
|
|
def handle():
|
||
|
|
body = request.args.get("xml")
|
||
|
|
return "<wrap>" + body + "</wrap>"
|