Module Xml

Provides class and predicates to track external data that may represent malicious XML objects.

This module is intended to be imported into a taint-tracking query to extend TaintKind and TaintSink.

Import path

semmle.python.security.injection.Xml

Imports

TaintTracking

Python Taint Tracking Library

Untrusted
python

Classes

ExternalXmlString

A (potentially) malicious XML string.

XmlLoadNode

A call to an XML library function that is potentially vulnerable to a specially crafted XML string.