mirror of
https://github.com/github/codeql.git
synced 2026-03-01 13:23:49 +01:00
24 lines
765 B
Plaintext
24 lines
765 B
Plaintext
/**
|
|
* @name XML internal entity expansion
|
|
* @description Parsing user input as an XML document with arbitrary internal
|
|
* entity expansion is vulnerable to denial-of-service attacks.
|
|
* @kind path-problem
|
|
* @problem.severity warning
|
|
* @security-severity 7.5
|
|
* @precision high
|
|
* @id py/xml-bomb
|
|
* @tags security
|
|
* external/cwe/cwe-776
|
|
* external/cwe/cwe-400
|
|
*/
|
|
|
|
import python
|
|
import semmle.python.security.dataflow.XmlBombQuery
|
|
import XmlBombFlow::PathGraph
|
|
|
|
from XmlBombFlow::PathNode source, XmlBombFlow::PathNode sink
|
|
where XmlBombFlow::flowPath(source, sink)
|
|
select sink.getNode(), source, sink,
|
|
"XML parsing depends on a $@ without guarding against uncontrolled entity expansion.",
|
|
source.getNode(), "user-provided value"
|