Python: Move XML parsing PoC

Since the folder where it used to live is now empty otherwise :O
2025-12-16 08:43:11 +01:00 · 2022-03-31 18:37:47 +02:00
parent 673220b231
commit 5083023aa8
5 changed files with 3 additions and 1 deletions
--- a/python/PoCs/README.md
+++ b/python/PoCs/README.md
@@ -0,0 +1 @@
+A place to collect proof of concept for how certain vulnerabilities work.
--- a/python/ql/test/experimental/library-tests/frameworks/XML/poc/PoC.py
+++ b/python/ql/test/experimental/library-tests/frameworks/XML/poc/PoC.py
--- a/python/ql/test/experimental/library-tests/frameworks/XML/poc/flag
+++ b/python/ql/test/experimental/library-tests/frameworks/XML/poc/flag
--- a/python/ql/lib/semmle/python/Concepts.qll
+++ b/python/ql/lib/semmle/python/Concepts.qll
@@ -555,6 +555,8 @@ module XML {
   * A kind of XML vulnerability.
   *
   * See overview of kinds at https://pypi.org/project/defusedxml/#python-xml-libraries
+   *
+   * See PoC at `python/PoCs/XmlParsing/PoC.py` for some tests of vulnerable XML parsing.
   */
  class XMLParsingVulnerabilityKind extends string {
    XMLParsingVulnerabilityKind() {
--- a/python/ql/test/experimental/library-tests/frameworks/XML/poc/this-dir-is-not-extracted
+++ b/python/ql/test/experimental/library-tests/frameworks/XML/poc/this-dir-is-not-extracted
@@ -1 +0,0 @@
-just FYI
				`@@ -0,0 +1 @@`
				`A place to collect proof of concept for how certain vulnerabilities work.`