apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-09 19:45:13 +02:00
Code Issues Projects Releases Packages Wiki Activity
nyx/tests/fixtures/xxe/java/IrrelevantXmlCall.java
Eli Peter 7d0e7320e2
new capacity bits (#67)
2026-05-07 01:29:31 -04:00

15 lines
562 B
Java
Raw Blame History

// Baseline: tainted body flows through a non-parser XML helper
// (StringBuilder concat). No XML parser entry point, no XXE label
// classification. Used to confirm taint-xxe doesn't fire on stray
// XML-adjacent string operations.
import javax.servlet.http.HttpServletRequest;
public class IrrelevantXmlCall {
public String handle(HttpServletRequest req) {
String body = req.getParameter("xml");
StringBuilder sb = new StringBuilder("<wrap>");
sb.append(body);
sb.append("</wrap>");
return sb.toString();
}
}
Reference in a new issue View git blame Copy permalink