include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

``++xml++`` module

----
import xml.etree.ElementTree as ElTree


def search(data, xpath):
    root_node = ElTree.fromstring(data)

    root_node.findall(xpath)  # Sensitive
    root_node.find(xpath)  # Sensitive

    hardcoded_xpath = '.'
    root_node.findall(hardcoded_xpath)  # Ok
    root_node.find(hardcoded_xpath)  # Ok
----

``++lxml++`` library

----
from lxml import etree

def search(data, xpath):
    root_node = etree.parse(data)

    print(root_node.xpath(xpath))  # Sensitive

    hardcoded_xpath = '.'
    root_node.xpath(hardcoded_xpath)  # Ok
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]