nyx/tests/fixtures/xxe/python/unsafe_xxe.py

mirror of https://github.com/elicpeter/nyx.git synced 2026-06-09 19:45:13 +02:00
# Unsafe: tainted XML reaches xml.sax.parseString, which is XXE-vulnerable
# by default in Python's stdlib.
import xml.sax
from flask import request

def handle():
    body = request.args.get("xml")
    return xml.sax.parseString(body, MyHandler())
new capacity bits (#67) 2026-05-07 01:29:31 -04:00			`# Unsafe: tainted XML reaches xml.sax.parseString, which is XXE-vulnerable`
			`# by default in Python's stdlib.`
			`import xml.sax`
			`from flask import request`

			`def handle():`
			`body = request.args.get("xml")`
			`return xml.sax.parseString(body, MyHandler())`