Python: Add XPath injection query #92

@ghost

Description

CVE

There is no CVE for this.

Report

This adds an XPath injection query to codeql-python. It models the lxml package.

It detects the following code patterns.

```python
from io import StringIO
from lxml import etree

# `sink` marks the argument position the query treats as an XPath injection sink;
# "<xmlContent>" stands for whatever document is being queried.
f = StringIO('<foo><bar></bar></foo>')
tree = etree.parse(f)
r = tree.xpath('`sink`')              # _ElementTree.xpath / _Element.xpath

root = etree.XML("<xmlContent>")
find_text = etree.XPath("`sink`")     # compiled XPath expression

root = etree.XML("<xmlContent>")
find_text = etree.ETXPath("`sink`")   # ETXPath (the {uri}name namespace form)
```

The PR also includes the necessary tests.

Link to the corresponding PR: github/codeql#3522
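To show why these sinks matter and what the fixed code looks like, here is an added example (not part of the issue or the CodeQL PR) that puts the flagged `tree.xpath()` concatenation pattern next to the hardened form using an lxml XPath variable (`$name`). It assumes lxml is installed; the user document is constructed for the example.

```python
from io import BytesIO
from lxml import etree

# Constructed sample document (not from the original issue).
USERS_XML = b'<users><user name="alice" role="user"/><user name="bob" role="admin"/></users>'


def lookup_vulnerable(username):
    """The pattern the query flags: untrusted text is spliced into the
    XPath string, so the input can change the query structure."""
    tree = etree.parse(BytesIO(USERS_XML))
    expr = "//user[@name='" + username + "']"   # string concatenation -> sink
    return [u.get("name") for u in tree.xpath(expr)]


def lookup_safe(username):
    """Hardened form: the expression is a fixed string and the value is bound
    through an XPath variable, so the input is only ever compared as data."""
    tree = etree.parse(BytesIO(USERS_XML))
    find_user = etree.XPath("//user[@name=$name]")
    return [u.get("name") for u in find_user(tree, name=username)]


if __name__ == "__main__":
    tautology = "' or '1'='1"   # input that breaks out of the quoted literal
    print(lookup_vulnerable("alice"), lookup_vulnerable(tautology))
    print(lookup_safe("alice"), lookup_safe(tautology))
```

With the tautology input the vulnerable lookup returns every user, while the parameterised lookup returns nothing because no user is literally named that.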
