codeql/python/ql/lib/semmle/python/frameworks/Xmltodict.qll

/**
 * Provides classes modeling security-relevant aspects of the `xmltodict` PyPI package.
 *
 * See
 * - https://pypi.org/project/xmltodict/
 */

private import python
private import semmle.python.dataflow.new.DataFlow
private import semmle.python.Concepts
private import semmle.python.ApiGraphs

/**
 * Provides classes modeling security-relevant aspects of the `xmltodict` PyPI package
 *
 * See
 * - https://pypi.org/project/xmltodict/
 */
private module Xmltodict {
  /**
   * A call to `xmltodict.parse`.
   */
  private class XMLtoDictParsing extends API::CallNode, XML::XmlParsing::Range {
    XMLtoDictParsing() { this = API::moduleImport("xmltodict").getMember("parse").getACall() }

    override DataFlow::Node getAnInput() {
      result in [this.getArg(0), this.getArgByName("xml_input")]
    }

    override predicate vulnerableTo(XML::XmlParsingVulnerabilityKind kind) {
      kind.isXmlBomb() and
      this.getKeywordParameter("disable_entities").getAValueReachingSink().asExpr() = any(False f)
    }

    override predicate mayExecuteInput() { none() }

    override DataFlow::Node getOutput() { result = this }
  }
}