49 lines
878 B
Plaintext
49 lines
878 B
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
``++xml++`` module
|
|
|
|
----
|
|
import xml.etree.ElementTree as ElTree
|
|
|
|
|
|
def search(data, xpath):
|
|
root_node = ElTree.fromstring(data)
|
|
|
|
root_node.findall(xpath) # Sensitive
|
|
root_node.find(xpath) # Sensitive
|
|
|
|
hardcoded_xpath = '.'
|
|
root_node.findall(hardcoded_xpath) # Ok
|
|
root_node.find(hardcoded_xpath) # Ok
|
|
----
|
|
|
|
``++lxml++`` library
|
|
|
|
----
|
|
from lxml import etree
|
|
|
|
def search(data, xpath):
|
|
root_node = etree.parse(data)
|
|
|
|
print(root_node.xpath(xpath)) # Sensitive
|
|
|
|
hardcoded_xpath = '.'
|
|
root_node.xpath(hardcoded_xpath) # Ok
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
endif::env-github,rspecator-view[]
|