hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
6dd776b2de9e6eede27d2cc22d9781db4fe8a83d
codeql/python/ql/test/experimental/query-tests/Security/CWE-611
History
Rasmus Wriedt Larsen 6dd776b2de Python: Only produce one alert per vulnerable XML sink 
This made it much easier to debug the current alerts on tests at least.

Notice that it's important that we have `strictconcat` and not just
`concat`, since `concat` will also allow flow to sinks that are not
vulnerable to any kind of XML vulnerability :|
2022-03-02 15:22:11 +01:00
..
lxml_etree.py
Update
2022-02-08 17:23:18 +01:00
xml_dom.py
Update
2022-02-08 17:23:18 +01:00
xml_etree.py
Test polish
2022-02-08 17:50:39 +01:00
xml_sax_make_parser.py
Python: Rewrite sax XML tests
2022-03-02 14:24:46 +01:00
xml_to_dict.py
Update
2022-02-08 17:23:18 +01:00
XmlEntityInjection.expected
Python: Only produce one alert per vulnerable XML sink
2022-03-02 15:22:11 +01:00
XmlEntityInjection.qlref
XmlInjection -> XmlEntityInjection
2022-02-09 13:28:56 +01:00
xmlrpc_server.py
Update
2022-02-08 17:23:18 +01:00