mirror of
https://github.com/github/codeql.git
synced 2025-12-18 18:10:39 +01:00
50 lines
1.2 KiB
Python
50 lines
1.2 KiB
Python
from io import StringIO
|
|
from flask import Flask, request
|
|
|
|
app = Flask(__name__)
|
|
|
|
|
|
@app.route("/xpath1")
|
|
def xpath1():
|
|
from lxml import etree
|
|
|
|
xpathQuery = request.args.get('xml', '')
|
|
f = StringIO('<foo><bar></bar></foo>')
|
|
tree = etree.parse(f)
|
|
r = tree.xpath(xpathQuery)
|
|
|
|
|
|
@app.route("/xpath2")
|
|
def xpath2():
|
|
from lxml import etree
|
|
xpathQuery = request.args.get('xml', '')
|
|
|
|
root = etree.XML("<root><a>TEXT</a></root>")
|
|
find_text = etree.XPath(xpathQuery)
|
|
text = find_text(root)[0]
|
|
|
|
|
|
@app.route("/xpath3")
|
|
def xpath3():
|
|
from lxml import etree
|
|
xpathQuery = request.args.get('xml', '')
|
|
root = etree.XML("<root><a>TEXT</a></root>")
|
|
find_text = etree.XPath(xpathQuery, smart_strings=False)
|
|
text = find_text(root)[0]
|
|
|
|
|
|
@app.route("/xpath4")
|
|
def xpath4():
|
|
from lxml import etree
|
|
xpathQuery = request.args.get('xml', '')
|
|
root = etree.XML("<root><a>TEXT</a></root>")
|
|
find_text = etree.ETXPath(xpathQuery)
|
|
text = find_text(root)[0]
|
|
|
|
@app.route("/xpath5")
|
|
def xpath5():
|
|
import libxml2
|
|
xpathQuery = request.args.get('xml', '')
|
|
doc = libxml2.parseFile('xpath_injection/credential.xml')
|
|
results = doc.xpathEval(xpathQuery)
|