hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Apply suggestions from code review

Browse Source 
Co-authored-by: yoff <lerchedahl@gmail.com>
This commit is contained in:
Rasmus Wriedt Larsen
2022-05-09 10:53:25 +02:00
committed by GitHub
parent 714465bf39
commit f5854f33da
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
python/ql/src/Security/CWE-776/XmlBomb.qhelp
View File

@@ -39,7 +39,7 @@ PyPI package, which has been created to prevent XML attacks (both XXE and XML bo
<example> <example>
<p> <p>
The following example uses the <code>xml.etree</code> XML parser provided by the Python standard library to The following example uses the <code>xml.etree</code> XML parser provided by the Python standard library to
parse a string <code>xml_src</code>. That string is from an untrusted source, so this code is be parse a string <code>xml_src</code>. That string is from an untrusted source, so this code is
vulnerable to a DoS attack, since the <code>xml.etree</code> XML parser expands internal entities by default: vulnerable to a DoS attack, since the <code>xml.etree</code> XML parser expands internal entities by default:
</p> </p>
<sample src="examples/XmlBombBad.py"/> <sample src="examples/XmlBombBad.py"/>