Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 46238d5

Browse files
RasmusWLRasmusWL
committed
Python: Add test for XMLPullParser
But handling this in a nice way will require some restructuring
1 parent 33ebcdf commit 46238d5

1 file changed

Lines changed: 6 additions & 0 deletions

File tree

  • python/ql/test/experimental/library-tests/frameworks/XML

python/ql/test/experimental/library-tests/frameworks/XML/xml_etree.py

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,12 @@
3333
parser.feed(data=x) # $ input=x vuln='Billion Laughs' vuln='Quadratic Blowup'
3434
parser.close()
3535

36+
# manual use of feed method on XMLPullParser
37+
parser = xml.etree.ElementTree.XMLPullParser()
38+
parser.feed(x) # $ MISSING: input=x vuln='Billion Laughs' vuln='Quadratic Blowup'
39+
parser.feed(data=x) # $ MISSING: input=x vuln='Billion Laughs' vuln='Quadratic Blowup'
40+
parser.close()
41+
3642
# note: it's technically possible to use the thing wrapper func `fromstring` with an
3743
# `lxml` parser, and thereby change what vulnerabilities you are exposed to.. but it
3844
# seems very unlikely that anyone would do this, so we have intentionally not added any

0 commit comments

Comments
 (0)