From 5083023aa80238c58811aa7e56df6dddf4e6b33a Mon Sep 17 00:00:00 2001
From: Rasmus Wriedt Larsen
Date: Thu, 31 Mar 2022 18:37:47 +0200
Subject: [PATCH] Python: Move XML parsing PoC

Since the folder where it used to live is now empty otherwise :O
---
 python/PoCs/README.md | 1 +
 .../library-tests/frameworks/XML/poc => PoCs/XmlParsing}/PoC.py | 0
 .../library-tests/frameworks/XML/poc => PoCs/XmlParsing}/flag | 0
 python/ql/lib/semmle/python/Concepts.qll | 2 ++
 .../library-tests/frameworks/XML/poc/this-dir-is-not-extracted | 1 -
 5 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 python/PoCs/README.md
 rename python/{ql/test/experimental/library-tests/frameworks/XML/poc => PoCs/XmlParsing}/PoC.py (100%)
 rename python/{ql/test/experimental/library-tests/frameworks/XML/poc => PoCs/XmlParsing}/flag (100%)
 delete mode 100644 python/ql/test/experimental/library-tests/frameworks/XML/poc/this-dir-is-not-extracted

diff --git a/python/PoCs/README.md b/python/PoCs/README.md
new file mode 100644
index 00000000000..20eeb5dbd78
--- /dev/null
+++ b/python/PoCs/README.md
@@ -0,0 +1 @@
+A place to collect proof of concept for how certain vulnerabilities work.
diff --git a/python/ql/test/experimental/library-tests/frameworks/XML/poc/PoC.py b/python/PoCs/XmlParsing/PoC.py
similarity index 100%
rename from python/ql/test/experimental/library-tests/frameworks/XML/poc/PoC.py
rename to python/PoCs/XmlParsing/PoC.py
diff --git a/python/ql/test/experimental/library-tests/frameworks/XML/poc/flag b/python/PoCs/XmlParsing/flag
similarity index 100%
rename from python/ql/test/experimental/library-tests/frameworks/XML/poc/flag
rename to python/PoCs/XmlParsing/flag
diff --git a/python/ql/lib/semmle/python/Concepts.qll b/python/ql/lib/semmle/python/Concepts.qll
index b553c8d927d..b1727e4829d 100644
--- a/python/ql/lib/semmle/python/Concepts.qll
+++ b/python/ql/lib/semmle/python/Concepts.qll
@@ -555,6 +555,8 @@ module XML {
 * A kind of XML vulnerability.
 *
 * See overview of kinds at https://pypi.org/project/defusedxml/#python-xml-libraries
+ *
+ * See PoC at `python/PoCs/XmlParsing/PoC.py` for some tests of vulnerable XML parsing.
 */
 class XMLParsingVulnerabilityKind extends string {
 XMLParsingVulnerabilityKind() {
diff --git a/python/ql/test/experimental/library-tests/frameworks/XML/poc/this-dir-is-not-extracted b/python/ql/test/experimental/library-tests/frameworks/XML/poc/this-dir-is-not-extracted
deleted file mode 100644
index b1925ade1d3..00000000000
--- a/python/ql/test/experimental/library-tests/frameworks/XML/poc/this-dir-is-not-extracted
+++ /dev/null
@@ -1 +0,0 @@
-just FYI
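Review bot: The QLDoc line added to `XMLParsingVulnerabilityKind` in `Concepts.qll` points at a bare repository-relative path, which a reader who only has the library under `python/ql/lib` (and not the full repository checkout) cannot resolve. I would say where the path is rooted, for example `* See the PoC at python/PoCs/XmlParsing/PoC.py (relative to the root of this repository) for some tests of vulnerable XML parsing.`, with the path kept in code formatting as in the original. Since the deleted `this-dir-is-not-extracted` marker was the only in-tree hint that the PoC is intentionally vulnerable sample code outside the extracted tests, it would also help for the comment (or the new README) to say that explicitly. The class body continues past the end of this hunk, so nothing here is a comment on its members.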