Files
codeql/python/ql/src/Security/CWE-776/examples/XmlBombGood.py
Rasmus Wriedt Larsen 4abab22066 Python: Promote XXE and XML-bomb queries
Need to write a change-note as well, but will do that tomorrow
2022-03-31 18:47:50 +02:00

11 lines
222 B
Python

from flask import Flask, request
import defusedxml.ElementTree as ET
app = Flask(__name__)
@app.post("/upload")
def upload():
xml_src = request.get_data()
doc = ET.fromstring(xml_src)
return ET.tostring(doc)