mirror of
https://github.com/elicpeter/nyx.git
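# Unsafe: tainted XML reaches xml.sax.parseString, which is XXE-vulnerable
# by default in Python's stdlib before 3.7.1; later releases leave external
# general entities off unless feature_external_ges is enabled on the parser.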
import xml.sax
from flask import request
def handle():
    """Parse the ``xml`` query parameter with the stdlib SAX parser.

    Taint flow: the value is read straight from the request query string
    (caller-controlled) and handed to ``xml.sax.parseString`` with no
    validation or parser hardening in between.
    """
    # Source: untrusted input; .get() yields None when the parameter is absent.
    untrusted_xml = request.args.get("xml")
    # Sink: the SAX parser consumes the untrusted document as-is.
    # MyHandler is not defined in the visible lines; presumably a
    # ContentHandler subclass declared elsewhere (TODO confirm).
    return xml.sax.parseString(untrusted_xml, MyHandler())