CodeQL library for Python
codeql/python-all 0.6.4 (changelog, source)
Search

Module XmlBomb

Provides default sources, sinks and sanitizers for detecting “XML bomb” vulnerabilities, as well as extension points for adding your own.

Import path

import semmle.python.security.dataflow.XmlBombCustomizations

Classes

RemoteFlowSourceAsSource

A source of remote user input, considered as a flow source for XML bomb vulnerabilities.

Sanitizer

A sanitizer for XML-bomb vulnerabilities.

Sink

A data flow sink for XML-bomb vulnerabilities.

Source

A data flow source for XML-bomb vulnerabilities.

XmlParsingVulnerableToXmlBomb

A call to an XML parser that is vulnerable to XML bombs.