39 lines
722 B
Plaintext
39 lines
722 B
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
<code>xml</code> module
|
|
----
|
|
import xml.etree.ElementTree as ElTree
|
|
|
|
|
|
def search(data, xpath):
|
|
root_node = ElTree.fromstring(data)
|
|
|
|
root_node.findall(xpath) # Sensitive
|
|
root_node.find(xpath) # Sensitive
|
|
|
|
hardcoded_xpath = '.'
|
|
root_node.findall(hardcoded_xpath) # Ok
|
|
root_node.find(hardcoded_xpath) # Ok
|
|
----
|
|
|
|
<code>lxml</code> library
|
|
----
|
|
from lxml import etree
|
|
|
|
def search(data, xpath):
|
|
root_node = etree.parse(data)
|
|
|
|
print(root_node.xpath(xpath)) # Sensitive
|
|
|
|
hardcoded_xpath = '.'
|
|
root_node.xpath(hardcoded_xpath) # Ok
|
|
----
|
|
|
|
include::../see.adoc[]
|