Skip to content

Commit e472814

Browse files
committed
Python: Fix XXE qhelp
1 parent 9c286a1 commit e472814

1 file changed

Lines changed: 7 additions & 3 deletions

File tree

  • python/ql/src/experimental/Security/CWE-611

python/ql/src/experimental/Security/CWE-611/XXE.qhelp

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -13,11 +13,15 @@ in this situation.
1313
</p>
1414
<p>
1515
Refer to the following links to check the details regarding how and which libraries are vulnerable:
16+
</p>
17+
18+
<ul>
1619
<li><a href="https://docs.python.org/3/library/xml.html#xml-vulnerabilities">Python 3</a>.</li>
1720
<li><a href="https://docs.python.org/2/library/xml.html#xml-vulnerabilities">Python 2</a>.</li>
18-
</p>
21+
</ul>
22+
1923
<p>
20-
This query currently identifies vulnerable XML parsing from the following parsers:
24+
This query currently identifies vulnerable XML parsing from the following parsers:
2125
<code>xml.etree.ElementTree.XMLParser</code>, <code>lxml.etree.XMLParser</code>, <code>lxml.etree.get_default_parser</code>,
2226
<code>xml.sax.make_parser</code>.
2327
</p>
@@ -47,4 +51,4 @@ that is not safely configured on untrusted data, and is therefore inherently uns
4751
<li>Denial of service attack (Billion laughs): <a href="https://en.wikipedia.org/wiki/Billion_laughs">Billion Laughs.</a></li>
4852
</references>
4953

50-
</qhelp>
54+
</qhelp>

0 commit comments

Comments
 (0)