Python: Change XmlBomb vulnerability kind

2026-05-03 12:45:27 +02:00 · 2022-04-07 10:45:43 +02:00
parent f2f0873d91
commit 7728b6cf1b
12 changed files with 73 additions and 78 deletions
--- a/python/ql/src/experimental/Security/CWE-611/SimpleXmlRpcServer.ql
+++ b/python/ql/src/experimental/Security/CWE-611/SimpleXmlRpcServer.ql
@@ -13,13 +13,7 @@ private import python
 private import semmle.python.Concepts
 private import semmle.python.ApiGraphs

-from DataFlow::CallCfgNode call, string kinds
+from DataFlow::CallCfgNode call
 where
-  call = API::moduleImport("xmlrpc").getMember("server").getMember("SimpleXMLRPCServer").getACall() and
-  kinds =
-    strictconcat(XML::XmlParsingVulnerabilityKind kind |
-      kind.isBillionLaughs() or kind.isQuadraticBlowup()
-    |
-      kind, ", "
-    )
-select call, "SimpleXMLRPCServer is vulnerable to: " + kinds + "."
+  call = API::moduleImport("xmlrpc").getMember("server").getMember("SimpleXMLRPCServer").getACall()
+select call, "SimpleXMLRPCServer is vulnerable to XML bombs"
--- a/python/ql/src/experimental/semmle/python/security/dataflow/XmlBombCustomizations.qll
+++ b/python/ql/src/experimental/semmle/python/security/dataflow/XmlBombCustomizations.qll
@@ -41,7 +41,7 @@ module XmlBomb {
  class XmlParsingWithEntityResolution extends Sink {
    XmlParsingWithEntityResolution() {
      exists(XML::XmlParsing parsing, XML::XmlParsingVulnerabilityKind kind |
-        (kind.isBillionLaughs() or kind.isQuadraticBlowup()) and
+        kind.isXmlBomb() and
        parsing.vulnerableTo(kind) and
        this = parsing.getAnInput()
      )