CodeQL library for Python
codeql/python-all 0.6.5 (changelog, source)
Search

Module Xxe

Provides default sources, sinks and sanitizers for detecting “XML External Entity (XXE)” vulnerabilities, as well as extension points for adding your own.

Import path

import semmle.python.security.dataflow.XxeCustomizations

Classes

RemoteFlowSourceAsSource

A source of remote user input, considered as a flow source for XXE vulnerabilities.

Sanitizer

A sanitizer for XXE vulnerabilities.

Sink

A data flow sink for XXE vulnerabilities.

Source

A data flow source for XXE vulnerabilities.

XmlParsingVulnerableToXxe

A call to an XML parser that is vulnerable to XXE.