CodeQL library for Python
codeql/python-all 0.6.4 (changelog, source)

Module Xml

Provides classes and predicates to track external data that may represent malicious XML objects.

This module is intended to be imported into a taint-tracking query to extend TaintKind and TaintSink.

Import path

import semmle.python.security.injection.Xml

Imports

Classes

ExternalXmlString

A (potentially) malicious XML string.

XmlLoadNode

A call to an XML library function that is potentially vulnerable to a specially crafted XML string.