hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Move XML parsing PoC

Browse Source 
Since the folder where it used to live is now empty otherwise :O
This commit is contained in:
Rasmus Wriedt Larsen
2022-03-31 18:37:47 +02:00
parent 673220b231
commit 5083023aa8
5 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
python/PoCs/README.md Normal file
View File

@@ -0,0 +1 @@
A place to collect proof of concept for how certain vulnerabilities work.

0
python/ql/test/experimental/library-tests/frameworks/XML/poc/PoC.py → python/PoCs/XmlParsing/PoC.py
View File

0
python/ql/test/experimental/library-tests/frameworks/XML/poc/flag → python/PoCs/XmlParsing/flag
View File

2
python/ql/lib/semmle/python/Concepts.qll
View File

@@ -555,6 +555,8 @@ module XML {
* A kind of XML vulnerability. * A kind of XML vulnerability.
* *
* See overview of kinds at https://pypi.org/project/defusedxml/#python-xml-libraries * See overview of kinds at https://pypi.org/project/defusedxml/#python-xml-libraries
*
* See PoC at `python/PoCs/XmlParsing/PoC.py` for some tests of vulnerable XML parsing.
*/ */
class XMLParsingVulnerabilityKind extends string { class XMLParsingVulnerabilityKind extends string {
XMLParsingVulnerabilityKind() { XMLParsingVulnerabilityKind() {

1
python/ql/test/experimental/library-tests/frameworks/XML/poc/this-dir-is-not-extracted
View File

@@ -1 +0,0 @@
just FYI