hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
sauyon/java-spring-stringutils
codeql/javascript/ql/test/query-tests/Security/CWE-611/libxml.sax.js
Erik Krogh Kristensen 5a87628478 update consistency comments for CWE-611
2020-07-08 10:03:03 +02:00

8 lines
274 B
JavaScript
Raw Permalink Blame History

const express = require('express');
const libxmljs = require('libxmljs');
express().get('/some/path', function(req) {
const parser = new libxmljs.SaxParser();
parser.parseString(req.param("some-xml")); // NOT OK: the SAX parser expands external entities by default
});
Reference in New Issue View Git Blame Copy Permalink