nyx/tests/fixtures/xxe/ruby/unsafe_xxe.rb

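# Unsafe: tainted XML reaches REXML::Document.new, the legacy default-vulnerable
# pure-Ruby XML parser that resolves external entities by default.
# NOTE(review): confirm the external-entity claim against the REXML version
# under test. REXML's documented entity exposure is entity expansion, which it
# caps via REXML::Security.entity_expansion_limit; external-entity fetching
# should be verified rather than assumed.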
require "rexml/document"
# Fixture entry point: parses the caller-supplied "xml" parameter with REXML
# and returns the text of the document's root element.
#
# Deliberately unsafe: the request value is handed to REXML::Document.new
# exactly as received, with no validation, size limit or DOCTYPE rejection.
# That unfiltered source-to-sink flow is what this fixture exists to exhibit,
# so it must stay intact. Outside a fixture, untrusted XML should be parsed
# only after DTD/entity processing has been restricted.
#
# @param params [#[]] request parameters; "xml" holds the raw document
# @return [String, nil] text of the root element, nil when it has no text
# @raise [NoMethodError] when parsing yields no root element (e.g. nil input)
def handle(params)
  # Source: attacker-controlled request field.
  raw_xml = params["xml"]
  # Sink: parser invoked directly on the tainted string.
  parsed = REXML::Document.new(raw_xml)
  root_element = parsed.root
  root_element.text
end