mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
8 lines
244 B
Python
8 lines
244 B
Python
# Baseline: tainted body flows through a non-parser string operation.
|
|
# No XML parser entry point, no XXE label classification.
|
|
from flask import request
|
|
|
|
|
|
def handle():
|
|
body = request.args.get("xml")
|
|
return "<wrap>" + body + "</wrap>"
|