nyx/tests/fixtures/xxe/python/unsafe_xxe.py at image-builder/refresh-digests - apunkt/nyx - bitfreedom.net: free all bits, everywhere

apunkt/nyx

mirror of https://github.com/elicpeter/nyx.git synced 2026-06-09 19:45:13 +02:00

Eli Peter 7d0e7320e2

new capacity bits (#67 )

2026-05-07 01:29:31 -04:00

8 lines

249 B

Python

Raw Permalink Blame History

 # Unsafe: tainted XML reaches xml.sax.parseString, which is XXE-vulnerable
 # by default in Python's stdlib.
 import xml.sax
 from flask import request
 def handle():
     body = request.args.get("xml")
     return xml.sax.parseString(body, MyHandler())