You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: python/ql/test/experimental/query-tests/Security/CWE-611/XmlEntityInjection.expected
+51-51Lines changed: 51 additions & 51 deletions
Original file line number
Diff line number
Diff line change
@@ -71,25 +71,25 @@ edges
71
71
| xml_etree.py:60:19:60:25 | ControlFlowNode for request | xml_etree.py:60:19:60:30 | ControlFlowNode for Attribute |
72
72
| xml_etree.py:60:19:60:30 | ControlFlowNode for Attribute | xml_etree.py:60:19:60:45 | ControlFlowNode for Subscript |
73
73
| xml_etree.py:60:19:60:45 | ControlFlowNode for Subscript | xml_etree.py:64:45:64:55 | ControlFlowNode for xml_content |
74
-
| xml_sax_make_parser.py:31:19:31:25 | ControlFlowNode for request | xml_sax_make_parser.py:31:19:31:30 | ControlFlowNode for Attribute |
75
-
| xml_sax_make_parser.py:31:19:31:30 | ControlFlowNode for Attribute | xml_sax_make_parser.py:31:19:31:45 | ControlFlowNode for Subscript |
76
-
| xml_sax_make_parser.py:31:19:31:45 | ControlFlowNode for Subscript | xml_sax_make_parser.py:36:18:36:38 | ControlFlowNode for StringIO() |
77
-
| xml_sax_make_parser.py:42:19:42:25 | ControlFlowNode for request | xml_sax_make_parser.py:42:19:42:30 | ControlFlowNode for Attribute |
78
-
| xml_sax_make_parser.py:42:19:42:30 | ControlFlowNode for Attribute | xml_sax_make_parser.py:42:19:42:45 | ControlFlowNode for Subscript |
79
-
| xml_sax_make_parser.py:42:19:42:45 | ControlFlowNode for Subscript | xml_sax_make_parser.py:49:18:49:38 | ControlFlowNode for StringIO() |
80
-
| xml_sax_make_parser.py:63:19:63:25 | ControlFlowNode for request | xml_sax_make_parser.py:63:19:63:30 | ControlFlowNode for Attribute |
81
-
| xml_sax_make_parser.py:63:19:63:30 | ControlFlowNode for Attribute | xml_sax_make_parser.py:63:19:63:45 | ControlFlowNode for Subscript |
82
-
| xml_sax_make_parser.py:63:19:63:45 | ControlFlowNode for Subscript | xml_sax_make_parser.py:69:18:69:38 | ControlFlowNode for StringIO() |
83
-
| xml_sax_make_parser.py:75:19:75:25 | ControlFlowNode for request | xml_sax_make_parser.py:75:19:75:30 | ControlFlowNode for Attribute |
84
-
| xml_sax_make_parser.py:75:19:75:30 | ControlFlowNode for Attribute | xml_sax_make_parser.py:75:19:75:45 | ControlFlowNode for Subscript |
85
-
| xml_sax_make_parser.py:75:19:75:45 | ControlFlowNode for Subscript | xml_sax_make_parser.py:79:33:79:53 | ControlFlowNode for StringIO() |
86
-
| xml_sax_make_parser.py:86:19:86:25 | ControlFlowNode for request | xml_sax_make_parser.py:86:19:86:30 | ControlFlowNode for Attribute |
87
-
| xml_sax_make_parser.py:86:19:86:30 | ControlFlowNode for Attribute | xml_sax_make_parser.py:86:19:86:45 | ControlFlowNode for Subscript |
88
-
| xml_sax_make_parser.py:86:19:86:45 | ControlFlowNode for Subscript | xml_sax_make_parser.py:91:22:91:42 | ControlFlowNode for StringIO() |
89
-
| xml_sax_make_parser.py:86:19:86:45 | ControlFlowNode for Subscript | xml_sax_make_parser.py:93:22:93:42 | ControlFlowNode for StringIO() |
90
-
| xml_sax_make_parser.py:98:19:98:25 | ControlFlowNode for request | xml_sax_make_parser.py:98:19:98:30 | ControlFlowNode for Attribute |
91
-
| xml_sax_make_parser.py:98:19:98:30 | ControlFlowNode for Attribute | xml_sax_make_parser.py:98:19:98:45 | ControlFlowNode for Subscript |
92
-
| xml_sax_make_parser.py:98:19:98:45 | ControlFlowNode for Subscript | xml_sax_make_parser.py:103:18:103:38 | ControlFlowNode for StringIO() |
74
+
| xml_sax.py:31:19:31:25 | ControlFlowNode for request | xml_sax.py:31:19:31:30 | ControlFlowNode for Attribute |
75
+
| xml_sax.py:31:19:31:30 | ControlFlowNode for Attribute | xml_sax.py:31:19:31:45 | ControlFlowNode for Subscript |
76
+
| xml_sax.py:31:19:31:45 | ControlFlowNode for Subscript | xml_sax.py:36:18:36:38 | ControlFlowNode for StringIO() |
77
+
| xml_sax.py:42:19:42:25 | ControlFlowNode for request | xml_sax.py:42:19:42:30 | ControlFlowNode for Attribute |
78
+
| xml_sax.py:42:19:42:30 | ControlFlowNode for Attribute | xml_sax.py:42:19:42:45 | ControlFlowNode for Subscript |
79
+
| xml_sax.py:42:19:42:45 | ControlFlowNode for Subscript | xml_sax.py:49:18:49:38 | ControlFlowNode for StringIO() |
80
+
| xml_sax.py:63:19:63:25 | ControlFlowNode for request | xml_sax.py:63:19:63:30 | ControlFlowNode for Attribute |
81
+
| xml_sax.py:63:19:63:30 | ControlFlowNode for Attribute | xml_sax.py:63:19:63:45 | ControlFlowNode for Subscript |
82
+
| xml_sax.py:63:19:63:45 | ControlFlowNode for Subscript | xml_sax.py:69:18:69:38 | ControlFlowNode for StringIO() |
83
+
| xml_sax.py:75:19:75:25 | ControlFlowNode for request | xml_sax.py:75:19:75:30 | ControlFlowNode for Attribute |
84
+
| xml_sax.py:75:19:75:30 | ControlFlowNode for Attribute | xml_sax.py:75:19:75:45 | ControlFlowNode for Subscript |
85
+
| xml_sax.py:75:19:75:45 | ControlFlowNode for Subscript | xml_sax.py:79:33:79:53 | ControlFlowNode for StringIO() |
86
+
| xml_sax.py:86:19:86:25 | ControlFlowNode for request | xml_sax.py:86:19:86:30 | ControlFlowNode for Attribute |
87
+
| xml_sax.py:86:19:86:30 | ControlFlowNode for Attribute | xml_sax.py:86:19:86:45 | ControlFlowNode for Subscript |
88
+
| xml_sax.py:86:19:86:45 | ControlFlowNode for Subscript | xml_sax.py:91:22:91:42 | ControlFlowNode for StringIO() |
89
+
| xml_sax.py:86:19:86:45 | ControlFlowNode for Subscript | xml_sax.py:93:22:93:42 | ControlFlowNode for StringIO() |
90
+
| xml_sax.py:98:19:98:25 | ControlFlowNode for request | xml_sax.py:98:19:98:30 | ControlFlowNode for Attribute |
91
+
| xml_sax.py:98:19:98:30 | ControlFlowNode for Attribute | xml_sax.py:98:19:98:45 | ControlFlowNode for Subscript |
92
+
| xml_sax.py:98:19:98:45 | ControlFlowNode for Subscript | xml_sax.py:103:18:103:38 | ControlFlowNode for StringIO() |
93
93
| xml_to_dict.py:9:19:9:25 | ControlFlowNode for request | xml_to_dict.py:9:19:9:30 | ControlFlowNode for Attribute |
94
94
| xml_to_dict.py:9:19:9:30 | ControlFlowNode for Attribute | xml_to_dict.py:9:19:9:45 | ControlFlowNode for Subscript |
95
95
| xml_to_dict.py:9:19:9:45 | ControlFlowNode for Subscript | xml_to_dict.py:11:28:11:38 | ControlFlowNode for xml_content |
@@ -193,31 +193,31 @@ nodes
193
193
| xml_etree.py:60:19:60:30 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
194
194
| xml_etree.py:60:19:60:45 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
195
195
| xml_etree.py:64:45:64:55 | ControlFlowNode for xml_content | semmle.label | ControlFlowNode for xml_content |
196
-
| xml_sax_make_parser.py:31:19:31:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
197
-
| xml_sax_make_parser.py:31:19:31:30 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
198
-
| xml_sax_make_parser.py:31:19:31:45 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
199
-
| xml_sax_make_parser.py:36:18:36:38 | ControlFlowNode for StringIO() | semmle.label | ControlFlowNode for StringIO() |
200
-
| xml_sax_make_parser.py:42:19:42:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
201
-
| xml_sax_make_parser.py:42:19:42:30 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
202
-
| xml_sax_make_parser.py:42:19:42:45 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
203
-
| xml_sax_make_parser.py:49:18:49:38 | ControlFlowNode for StringIO() | semmle.label | ControlFlowNode for StringIO() |
204
-
| xml_sax_make_parser.py:63:19:63:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
205
-
| xml_sax_make_parser.py:63:19:63:30 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
206
-
| xml_sax_make_parser.py:63:19:63:45 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
207
-
| xml_sax_make_parser.py:69:18:69:38 | ControlFlowNode for StringIO() | semmle.label | ControlFlowNode for StringIO() |
208
-
| xml_sax_make_parser.py:75:19:75:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
209
-
| xml_sax_make_parser.py:75:19:75:30 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
210
-
| xml_sax_make_parser.py:75:19:75:45 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
211
-
| xml_sax_make_parser.py:79:33:79:53 | ControlFlowNode for StringIO() | semmle.label | ControlFlowNode for StringIO() |
212
-
| xml_sax_make_parser.py:86:19:86:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
213
-
| xml_sax_make_parser.py:86:19:86:30 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
214
-
| xml_sax_make_parser.py:86:19:86:45 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
215
-
| xml_sax_make_parser.py:91:22:91:42 | ControlFlowNode for StringIO() | semmle.label | ControlFlowNode for StringIO() |
216
-
| xml_sax_make_parser.py:93:22:93:42 | ControlFlowNode for StringIO() | semmle.label | ControlFlowNode for StringIO() |
217
-
| xml_sax_make_parser.py:98:19:98:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
218
-
| xml_sax_make_parser.py:98:19:98:30 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
219
-
| xml_sax_make_parser.py:98:19:98:45 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
220
-
| xml_sax_make_parser.py:103:18:103:38 | ControlFlowNode for StringIO() | semmle.label | ControlFlowNode for StringIO() |
196
+
| xml_sax.py:31:19:31:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
197
+
| xml_sax.py:31:19:31:30 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
198
+
| xml_sax.py:31:19:31:45 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
199
+
| xml_sax.py:36:18:36:38 | ControlFlowNode for StringIO() | semmle.label | ControlFlowNode for StringIO() |
200
+
| xml_sax.py:42:19:42:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
201
+
| xml_sax.py:42:19:42:30 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
202
+
| xml_sax.py:42:19:42:45 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
203
+
| xml_sax.py:49:18:49:38 | ControlFlowNode for StringIO() | semmle.label | ControlFlowNode for StringIO() |
204
+
| xml_sax.py:63:19:63:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
205
+
| xml_sax.py:63:19:63:30 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
206
+
| xml_sax.py:63:19:63:45 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
207
+
| xml_sax.py:69:18:69:38 | ControlFlowNode for StringIO() | semmle.label | ControlFlowNode for StringIO() |
208
+
| xml_sax.py:75:19:75:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
209
+
| xml_sax.py:75:19:75:30 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
210
+
| xml_sax.py:75:19:75:45 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
211
+
| xml_sax.py:79:33:79:53 | ControlFlowNode for StringIO() | semmle.label | ControlFlowNode for StringIO() |
212
+
| xml_sax.py:86:19:86:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
213
+
| xml_sax.py:86:19:86:30 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
214
+
| xml_sax.py:86:19:86:45 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
215
+
| xml_sax.py:91:22:91:42 | ControlFlowNode for StringIO() | semmle.label | ControlFlowNode for StringIO() |
216
+
| xml_sax.py:93:22:93:42 | ControlFlowNode for StringIO() | semmle.label | ControlFlowNode for StringIO() |
217
+
| xml_sax.py:98:19:98:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
218
+
| xml_sax.py:98:19:98:30 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
219
+
| xml_sax.py:98:19:98:45 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
220
+
| xml_sax.py:103:18:103:38 | ControlFlowNode for StringIO() | semmle.label | ControlFlowNode for StringIO() |
221
221
| xml_to_dict.py:9:19:9:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
222
222
| xml_to_dict.py:9:19:9:30 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
223
223
| xml_to_dict.py:9:19:9:45 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
@@ -250,11 +250,11 @@ subpaths
250
250
| xml_etree.py:42:45:42:55 | ControlFlowNode for xml_content | xml_etree.py:39:19:39:25 | ControlFlowNode for request | xml_etree.py:42:45:42:55 | ControlFlowNode for xml_content | $@ XML input is constructed from a $@ and is vulnerable to: Billion Laughs, Quadratic Blowup. | xml_etree.py:42:45:42:55 | ControlFlowNode for xml_content | This | xml_etree.py:39:19:39:25 | ControlFlowNode for request | user-provided value |
251
251
| xml_etree.py:49:45:49:55 | ControlFlowNode for xml_content | xml_etree.py:46:19:46:25 | ControlFlowNode for request | xml_etree.py:49:45:49:55 | ControlFlowNode for xml_content | $@ XML input is constructed from a $@ and is vulnerable to: XXE. | xml_etree.py:49:45:49:55 | ControlFlowNode for xml_content | This | xml_etree.py:46:19:46:25 | ControlFlowNode for request | user-provided value |
252
252
| xml_etree.py:56:45:56:55 | ControlFlowNode for xml_content | xml_etree.py:53:19:53:25 | ControlFlowNode for request | xml_etree.py:56:45:56:55 | ControlFlowNode for xml_content | $@ XML input is constructed from a $@ and is vulnerable to: XXE. | xml_etree.py:56:45:56:55 | ControlFlowNode for xml_content | This | xml_etree.py:53:19:53:25 | ControlFlowNode for request | user-provided value |
253
-
| xml_sax_make_parser.py:36:18:36:38 | ControlFlowNode for StringIO() | xml_sax_make_parser.py:31:19:31:25 | ControlFlowNode for request | xml_sax_make_parser.py:36:18:36:38 | ControlFlowNode for StringIO() | $@ XML input is constructed from a $@ and is vulnerable to: Billion Laughs, Quadratic Blowup. | xml_sax_make_parser.py:36:18:36:38 | ControlFlowNode for StringIO() | This | xml_sax_make_parser.py:31:19:31:25 | ControlFlowNode for request | user-provided value |
254
-
| xml_sax_make_parser.py:49:18:49:38 | ControlFlowNode for StringIO() | xml_sax_make_parser.py:42:19:42:25 | ControlFlowNode for request | xml_sax_make_parser.py:49:18:49:38 | ControlFlowNode for StringIO() | $@ XML input is constructed from a $@ and is vulnerable to: Billion Laughs, Quadratic Blowup. | xml_sax_make_parser.py:49:18:49:38 | ControlFlowNode for StringIO() | This | xml_sax_make_parser.py:42:19:42:25 | ControlFlowNode for request | user-provided value |
255
-
| xml_sax_make_parser.py:69:18:69:38 | ControlFlowNode for StringIO() | xml_sax_make_parser.py:63:19:63:25 | ControlFlowNode for request | xml_sax_make_parser.py:69:18:69:38 | ControlFlowNode for StringIO() | $@ XML input is constructed from a $@ and is vulnerable to: Billion Laughs, DTD retrieval, Quadratic Blowup, XXE. | xml_sax_make_parser.py:69:18:69:38 | ControlFlowNode for StringIO() | This | xml_sax_make_parser.py:63:19:63:25 | ControlFlowNode for request | user-provided value |
256
-
| xml_sax_make_parser.py:79:33:79:53 | ControlFlowNode for StringIO() | xml_sax_make_parser.py:75:19:75:25 | ControlFlowNode for request | xml_sax_make_parser.py:79:33:79:53 | ControlFlowNode for StringIO() | $@ XML input is constructed from a $@ and is vulnerable to: Billion Laughs, DTD retrieval, Quadratic Blowup, XXE. | xml_sax_make_parser.py:79:33:79:53 | ControlFlowNode for StringIO() | This | xml_sax_make_parser.py:75:19:75:25 | ControlFlowNode for request | user-provided value |
257
-
| xml_sax_make_parser.py:91:22:91:42 | ControlFlowNode for StringIO() | xml_sax_make_parser.py:86:19:86:25 | ControlFlowNode for request | xml_sax_make_parser.py:91:22:91:42 | ControlFlowNode for StringIO() | $@ XML input is constructed from a $@ and is vulnerable to: Billion Laughs, DTD retrieval, Quadratic Blowup, XXE. | xml_sax_make_parser.py:91:22:91:42 | ControlFlowNode for StringIO() | This | xml_sax_make_parser.py:86:19:86:25 | ControlFlowNode for request | user-provided value |
258
-
| xml_sax_make_parser.py:93:22:93:42 | ControlFlowNode for StringIO() | xml_sax_make_parser.py:86:19:86:25 | ControlFlowNode for request | xml_sax_make_parser.py:93:22:93:42 | ControlFlowNode for StringIO() | $@ XML input is constructed from a $@ and is vulnerable to: Billion Laughs, Quadratic Blowup. | xml_sax_make_parser.py:93:22:93:42 | ControlFlowNode for StringIO() | This | xml_sax_make_parser.py:86:19:86:25 | ControlFlowNode for request | user-provided value |
259
-
| xml_sax_make_parser.py:103:18:103:38 | ControlFlowNode for StringIO() | xml_sax_make_parser.py:98:19:98:25 | ControlFlowNode for request | xml_sax_make_parser.py:103:18:103:38 | ControlFlowNode for StringIO() | $@ XML input is constructed from a $@ and is vulnerable to: Billion Laughs, Quadratic Blowup. | xml_sax_make_parser.py:103:18:103:38 | ControlFlowNode for StringIO() | This | xml_sax_make_parser.py:98:19:98:25 | ControlFlowNode for request | user-provided value |
253
+
| xml_sax.py:36:18:36:38 | ControlFlowNode for StringIO() | xml_sax.py:31:19:31:25 | ControlFlowNode for request | xml_sax.py:36:18:36:38 | ControlFlowNode for StringIO() | $@ XML input is constructed from a $@ and is vulnerable to: Billion Laughs, Quadratic Blowup. | xml_sax.py:36:18:36:38 | ControlFlowNode for StringIO() | This | xml_sax.py:31:19:31:25 | ControlFlowNode for request | user-provided value |
254
+
| xml_sax.py:49:18:49:38 | ControlFlowNode for StringIO() | xml_sax.py:42:19:42:25 | ControlFlowNode for request | xml_sax.py:49:18:49:38 | ControlFlowNode for StringIO() | $@ XML input is constructed from a $@ and is vulnerable to: Billion Laughs, Quadratic Blowup. | xml_sax.py:49:18:49:38 | ControlFlowNode for StringIO() | This | xml_sax.py:42:19:42:25 | ControlFlowNode for request | user-provided value |
255
+
| xml_sax.py:69:18:69:38 | ControlFlowNode for StringIO() | xml_sax.py:63:19:63:25 | ControlFlowNode for request | xml_sax.py:69:18:69:38 | ControlFlowNode for StringIO() | $@ XML input is constructed from a $@ and is vulnerable to: Billion Laughs, DTD retrieval, Quadratic Blowup, XXE. | xml_sax.py:69:18:69:38 | ControlFlowNode for StringIO() | This | xml_sax.py:63:19:63:25 | ControlFlowNode for request | user-provided value |
256
+
| xml_sax.py:79:33:79:53 | ControlFlowNode for StringIO() | xml_sax.py:75:19:75:25 | ControlFlowNode for request | xml_sax.py:79:33:79:53 | ControlFlowNode for StringIO() | $@ XML input is constructed from a $@ and is vulnerable to: Billion Laughs, DTD retrieval, Quadratic Blowup, XXE. | xml_sax.py:79:33:79:53 | ControlFlowNode for StringIO() | This | xml_sax.py:75:19:75:25 | ControlFlowNode for request | user-provided value |
257
+
| xml_sax.py:91:22:91:42 | ControlFlowNode for StringIO() | xml_sax.py:86:19:86:25 | ControlFlowNode for request | xml_sax.py:91:22:91:42 | ControlFlowNode for StringIO() | $@ XML input is constructed from a $@ and is vulnerable to: Billion Laughs, DTD retrieval, Quadratic Blowup, XXE. | xml_sax.py:91:22:91:42 | ControlFlowNode for StringIO() | This | xml_sax.py:86:19:86:25 | ControlFlowNode for request | user-provided value |
258
+
| xml_sax.py:93:22:93:42 | ControlFlowNode for StringIO() | xml_sax.py:86:19:86:25 | ControlFlowNode for request | xml_sax.py:93:22:93:42 | ControlFlowNode for StringIO() | $@ XML input is constructed from a $@ and is vulnerable to: Billion Laughs, Quadratic Blowup. | xml_sax.py:93:22:93:42 | ControlFlowNode for StringIO() | This | xml_sax.py:86:19:86:25 | ControlFlowNode for request | user-provided value |
259
+
| xml_sax.py:103:18:103:38 | ControlFlowNode for StringIO() | xml_sax.py:98:19:98:25 | ControlFlowNode for request | xml_sax.py:103:18:103:38 | ControlFlowNode for StringIO() | $@ XML input is constructed from a $@ and is vulnerable to: Billion Laughs, Quadratic Blowup. | xml_sax.py:103:18:103:38 | ControlFlowNode for StringIO() | This | xml_sax.py:98:19:98:25 | ControlFlowNode for request | user-provided value |
260
260
| xml_to_dict.py:17:28:17:38 | ControlFlowNode for xml_content | xml_to_dict.py:15:19:15:25 | ControlFlowNode for request | xml_to_dict.py:17:28:17:38 | ControlFlowNode for xml_content | $@ XML input is constructed from a $@ and is vulnerable to: Billion Laughs, Quadratic Blowup. | xml_to_dict.py:17:28:17:38 | ControlFlowNode for xml_content | This | xml_to_dict.py:15:19:15:25 | ControlFlowNode for request | user-provided value |
0 commit comments