hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 12:16:33 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Fix SimpleXmlRpcServer.ql

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2022-03-31 20:37:28 +02:00
parent 4abab22066
commit d2b03bb480
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
python/ql/src/experimental/Security/CWE-611/SimpleXmlRpcServer.ql
View File

@@ -10,14 +10,14 @@
*/ */
private import python private import python
private import experimental.semmle.python.Concepts private import semmle.python.Concepts
private import semmle.python.ApiGraphs private import semmle.python.ApiGraphs
from DataFlow::CallCfgNode call, string kinds from DataFlow::CallCfgNode call, string kinds
where where
call = API::moduleImport("xmlrpc").getMember("server").getMember("SimpleXMLRPCServer").getACall() and call = API::moduleImport("xmlrpc").getMember("server").getMember("SimpleXMLRPCServer").getACall() and
kinds = kinds =
strictconcat(ExperimentalXML::XMLParsingVulnerabilityKind kind | strictconcat(XML::XMLParsingVulnerabilityKind kind |
kind.isBillionLaughs() or kind.isQuadraticBlowup() kind.isBillionLaughs() or kind.isQuadraticBlowup()
| |
kind, ", " kind, ", "