apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-09 19:45:13 +02:00
Code Issues Projects Releases Packages Wiki Activity
nyx/tests/fixtures/xxe/ruby/unsafe_xxe.rb
Eli Peter 7d0e7320e2
new capacity bits (#67)
2026-05-07 01:29:31 -04:00

9 lines
270 B
Ruby
Raw Permalink Blame History

# Unsafe: tainted XML reaches REXML::Document.new, the legacy default-vulnerable
# pure-Ruby XML parser that resolves external entities by default.
require "rexml/document"
def handle(params)
body = params["xml"]
doc = REXML::Document.new(body)
doc.root.text
end
Reference in a new issue View git blame Copy permalink