mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
8 lines
243 B
Python
8 lines
243 B
Python
# Baseline: expression is a compile-time constant. No taint reaches
|
|
# `tree.xpath` so no XPATH_INJECTION finding fires.
|
|
from lxml import etree
|
|
|
|
|
|
def lookup():
|
|
tree = etree.parse("users.xml")
|
|
return tree.xpath("//user[@role='admin']")
|