hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
ginsbach/EnableJavaOverlayCompilation
codeql/python/ql/test/query-tests/Security/CWE-611-Xxe/test.py
jorgectf c82ab2b2ab Add markupsafe as XXE sanitizer 
Co-authored-by: Kevin Stubbings <Kwstubbs@users.noreply.github.com>
2023-07-05 20:23:20 +02:00

37 lines
1.1 KiB
Python
Raw Permalink Blame History

from flask import Flask, request
import lxml.etree
import markupsafe
app = Flask(__name__)
@app.route("/vuln-handler")
def vuln_handler():
xml_content = request.args['xml_content']
return lxml.etree.fromstring(xml_content).text
@app.route("/safe-handler")
def safe_handler():
xml_content = request.args['xml_content']
parser = lxml.etree.XMLParser(resolve_entities=False)
return lxml.etree.fromstring(xml_content, parser=parser).text
@app.route("/super-vuln-handler")
def super_vuln_handler():
xml_content = request.args['xml_content']
parser = lxml.etree.XMLParser(
# allows XXE
resolve_entities=True,
# allows remote XXE
no_network=False,
# together with `no_network=False`, allows DTD-retrival
load_dtd=True,
# allows DoS attacks
huge_tree=True,
)
return lxml.etree.fromstring(xml_content, parser=parser).text
@app.route("/sanitized-handler")
def sanitized_handler():
xml_content = request.args['xml_content']
xml_content = markupsafe.escape(xml_content)
return lxml.etree.fromstring(xml_content).text
Reference in New Issue View Git Blame Copy Permalink