Python: Port xmltodict tests

2026-05-02 12:15:17 +02:00 · 2022-03-03 20:59:00 +01:00
parent 0b12d91817
commit c739ae40b6
2 changed files with 6 additions and 17 deletions
--- a/python/ql/test/experimental/library-tests/frameworks/XML/xmltodict.py
+++ b/python/ql/test/experimental/library-tests/frameworks/XML/xmltodict.py
@@ -0,0 +1,6 @@
+import xmltodict
+
+x = "some xml"
+
+xmltodict.parse(x) # $ input=x
+xmltodict.parse(x, disable_entities=False) # $ input=x vuln='Billion Laughs' vuln='Quadratic Blowup'
--- a/python/ql/test/experimental/query-tests/Security/CWE-611/xml_to_dict.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-611/xml_to_dict.py
@@ -1,17 +0,0 @@
-from flask import request, Flask
-from io import StringIO, BytesIO
-import xmltodict
-
-app = Flask(__name__)
-
-@app.route("/xmltodict.parse")
-def xmltodict_parse():
-    xml_content = request.args['xml_content']
-
-    return xmltodict.parse(xml_content) # OK
-
-@app.route("/xmltodict.parse2")
-def xmltodict_parse2():
-    xml_content = request.args['xml_content']
-
-    return xmltodict.parse(xml_content, disable_entities=False) # NOT OK for billion laughs/quadratic