René's URL Explorer Experiment


Title: Python: Promote XXE and XML-bomb queries by RasmusWL · Pull Request #8634 · github/codeql · GitHub

Open Graph Title: Python: Promote XXE and XML-bomb queries by RasmusWL · Pull Request #8634 · github/codeql

X Title: Python: Promote XXE and XML-bomb queries by RasmusWL · Pull Request #8634 · github/codeql

Description: This was a draft PR to ensure we don't merge it before we have agreed with JS/Ruby about the new XmlParsing concept, but they have said good for it, so we're ready to go 👍 With this PR, I have copi...

Open Graph Description: This was a draft PR to ensure we don't merge it before we have agreed with JS/Ruby about the new XmlParsing concept, but they have said good for it, so we're ready to go 👍 With this PR, I h...

X Description: This was a draft PR to ensure we don't merge it before we have agreed with JS/Ruby about the new XmlParsing concept, but they have said good for it, so we're ready to go 👍 With this...

Opengraph URL: https://github.com/github/codeql/pull/8634

X: @github

direct link

Domain: github.com

route-pattern/_view_fragments/voltron/pull_requests/show/:user_id/:repository/:id/pull_request_layout(.:format)
route-controllervoltron_pull_requests_fragments
route-actionpull_request_layout
fetch-noncev2:18a2c7e0-422e-b1a2-8cdf-9cdc44fef7eb
current-catalog-service-hashae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b
request-id931A:C53D0:20DD328:2E109A9:6970EF7D
html-safe-nonce31fa708e357361d7b42de790ab6dcfddd3c5da212224a456ca645c57124ccab3
visitor-payloadeyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI5MzFBOkM1M0QwOjIwREQzMjg6MkUxMDlBOTo2OTcwRUY3RCIsInZpc2l0b3JfaWQiOiIxNjM4NjU0MDIwODk4ODQ0NTQxIiwicmVnaW9uX2VkZ2UiOiJpYWQiLCJyZWdpb25fcmVuZGVyIjoiaWFkIn0=
visitor-hmac85dee9f2d1c980905fc236df5c02a1f4a315c5666a1d978d8cd7032351c29856
hovercard-subject-tagpull_request:896138354
github-keyboard-shortcutsrepository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot
google-site-verificationApib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-urlhttps://collector.github.com/github/collect
analytics-location///voltron/pull_requests_fragments/pull_request_layout
fb:app_id1401488693436528
apple-itunes-appapp-id=1477376905, app-argument=https://github.com/_view_fragments/voltron/pull_requests/show/github/codeql/8634/pull_request_layout
twitter:imagehttps://opengraph.githubassets.com/c14051093d2e8c1773c2d24f266ec1aa2dede1d8df0d91985802bb6cc1e23a90/github/codeql/pull/8634
twitter:cardsummary_large_image
og:imagehttps://opengraph.githubassets.com/c14051093d2e8c1773c2d24f266ec1aa2dede1d8df0d91985802bb6cc1e23a90/github/codeql/pull/8634
og:image:altThis was a draft PR to ensure we don't merge it before we have agreed with JS/Ruby about the new XmlParsing concept, but they have said good for it, so we're ready to go 👍 With this PR, I h...
og:image:width1200
og:image:height600
og:site_nameGitHub
og:typeobject
og:author:usernameRasmusWL
hostnamegithub.com
expected-hostnamegithub.com
Noneb6ca3cb96fa07d8a62b95d681f9dc8fffb49a43f4fea2a5bcac6d8f5107cbf4e
turbo-cache-controlno-preview
go-importgithub.com/github/codeql git https://github.com/github/codeql.git
octolytics-dimension-user_id9919
octolytics-dimension-user_logingithub
octolytics-dimension-repository_id143040428
octolytics-dimension-repository_nwogithub/codeql
octolytics-dimension-repository_publictrue
octolytics-dimension-repository_is_forkfalse
octolytics-dimension-repository_network_root_id143040428
octolytics-dimension-repository_network_root_nwogithub/codeql
turbo-body-classeslogged-out env-production page-responsive
disable-turbofalse
browser-stats-urlhttps://api.github.com/_private/browser/stats
browser-errors-urlhttps://api.github.com/_private/browser/errors
released2448578278810c7bf94faa67651ef5adb1abfde
ui-targetfull
theme-color#1e2327
color-schemelight dark

Links:

Skip to contenthttps://github.com/github/codeql/pull/8634#start-of-content
https://github.com/
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fgithub%2Fcodeql%2Fpull%2F8634
GitHub CopilotWrite better code with AIhttps://github.com/features/copilot
GitHub SparkBuild and deploy intelligent appshttps://github.com/features/spark
GitHub ModelsManage and compare promptshttps://github.com/features/models
MCP RegistryNewIntegrate external toolshttps://github.com/mcp
ActionsAutomate any workflowhttps://github.com/features/actions
CodespacesInstant dev environmentshttps://github.com/features/codespaces
IssuesPlan and track workhttps://github.com/features/issues
Code ReviewManage code changeshttps://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilitieshttps://github.com/security/advanced-security
Code securitySecure your code as you buildhttps://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they starthttps://github.com/security/advanced-security/secret-protection
Why GitHubhttps://github.com/why-github
Documentationhttps://docs.github.com
Bloghttps://github.blog
Changeloghttps://github.blog/changelog
Marketplacehttps://github.com/marketplace
View all featureshttps://github.com/features
Enterpriseshttps://github.com/enterprise
Small and medium teamshttps://github.com/team
Startupshttps://github.com/enterprise/startups
Nonprofitshttps://github.com/solutions/industry/nonprofits
App Modernizationhttps://github.com/solutions/use-case/app-modernization
DevSecOpshttps://github.com/solutions/use-case/devsecops
DevOpshttps://github.com/solutions/use-case/devops
CI/CDhttps://github.com/solutions/use-case/ci-cd
View all use caseshttps://github.com/solutions/use-case
Healthcarehttps://github.com/solutions/industry/healthcare
Financial serviceshttps://github.com/solutions/industry/financial-services
Manufacturinghttps://github.com/solutions/industry/manufacturing
Governmenthttps://github.com/solutions/industry/government
View all industrieshttps://github.com/solutions/industry
View all solutionshttps://github.com/solutions
AIhttps://github.com/resources/articles?topic=ai
Software Developmenthttps://github.com/resources/articles?topic=software-development
DevOpshttps://github.com/resources/articles?topic=devops
Securityhttps://github.com/resources/articles?topic=security
View all topicshttps://github.com/resources/articles
Customer storieshttps://github.com/customer-stories
Events & webinarshttps://github.com/resources/events
Ebooks & reportshttps://github.com/resources/whitepapers
Business insightshttps://github.com/solutions/executive-insights
GitHub Skillshttps://skills.github.com
Documentationhttps://docs.github.com
Customer supporthttps://support.github.com
Community forumhttps://github.com/orgs/community/discussions
Trust centerhttps://github.com/trust-center
Partnershttps://github.com/partners
GitHub SponsorsFund open source developershttps://github.com/sponsors
Security Labhttps://securitylab.github.com
Maintainer Communityhttps://maintainers.github.com
Acceleratorhttps://github.com/accelerator
Archive Programhttps://archiveprogram.github.com
Topicshttps://github.com/topics
Trendinghttps://github.com/trending
Collectionshttps://github.com/collections
Enterprise platformAI-powered developer platformhttps://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security featureshttps://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI featureshttps://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 supporthttps://github.com/premium-support
Pricinghttps://github.com/pricing
Search syntax tipshttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentationhttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fgithub%2Fcodeql%2Fpull%2F8634
Sign up https://github.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E%2Fvoltron%2Fpull_requests_fragments%2Fpull_request_layout&source=header-repo&source_repo=github%2Fcodeql
Reloadhttps://github.com/github/codeql/pull/8634
Reloadhttps://github.com/github/codeql/pull/8634
Reloadhttps://github.com/github/codeql/pull/8634
github https://github.com/github
codeqlhttps://github.com/github/codeql
Notifications https://github.com/login?return_to=%2Fgithub%2Fcodeql
Fork 1.9k https://github.com/login?return_to=%2Fgithub%2Fcodeql
Star 9.2k https://github.com/login?return_to=%2Fgithub%2Fcodeql
Code https://github.com/github/codeql
Issues 919 https://github.com/github/codeql/issues
Pull requests 358 https://github.com/github/codeql/pulls
Discussions https://github.com/github/codeql/discussions
Actions https://github.com/github/codeql/actions
Projects 0 https://github.com/github/codeql/projects
Models https://github.com/github/codeql/models
Security Uh oh! There was an error while loading. Please reload this page. https://github.com/github/codeql/security
Please reload this pagehttps://github.com/github/codeql/pull/8634
Insights https://github.com/github/codeql/pulse
Code https://github.com/github/codeql
Issues https://github.com/github/codeql/issues
Pull requests https://github.com/github/codeql/pulls
Discussions https://github.com/github/codeql/discussions
Actions https://github.com/github/codeql/actions
Projects https://github.com/github/codeql/projects
Models https://github.com/github/codeql/models
Security https://github.com/github/codeql/security
Insights https://github.com/github/codeql/pulse
Sign up for GitHub https://github.com/signup?return_to=%2Fgithub%2Fcodeql%2Fissues%2Fnew%2Fchoose
terms of servicehttps://docs.github.com/terms
privacy statementhttps://docs.github.com/privacy
Sign inhttps://github.com/login?return_to=%2Fgithub%2Fcodeql%2Fissues%2Fnew%2Fchoose
Jump to bottomhttps://github.com/github/codeql/pull/8634#issue-comment-box
yoffhttps://github.com/yoff
github:mainhttps://github.com/github/codeql/tree/main
RasmusWL:promote-xxehttps://github.com/RasmusWL/codeql/tree/promote-xxe
Python: Promote XXE and XML-bomb queries https://github.com/github/codeql/pull/8634#top
yoffhttps://github.com/yoff
github:mainhttps://github.com/github/codeql/tree/main
RasmusWL:promote-xxehttps://github.com/RasmusWL/codeql/tree/promote-xxe
Conversation 20 https://github.com/github/codeql/pull/8634
Commits 54 https://github.com/github/codeql/pull/8634/commits
Checks 0 https://github.com/github/codeql/pull/8634/checks
Files changed https://github.com/github/codeql/pull/8634/files
Please reload this pagehttps://github.com/github/codeql/pull/8634
https://github.co/hiddenchars
https://github.com/github/codeql/pull/{{ revealButtonHref }}
https://github.com/RasmusWL
RasmusWLhttps://github.com/RasmusWL
Mar 31, 2022https://github.com/github/codeql/pull/8634#issue-1188376655
Please reload this pagehttps://github.com/github/codeql/pull/8634
Please reload this pagehttps://github.com/github/codeql/pull/8634
RasmusWLhttps://github.com/RasmusWL
March 31, 2022 09:52https://github.com/github/codeql/pull/8634#commits-pushed-65907c9
https://github.com/RasmusWL
Python: Copy Xxe/XmlBomb queries from JShttps://github.com/github/codeql/pull/8634/commits/65907c97620e2824ffbd008db54a98d9ee1a1060
65907c9https://github.com/github/codeql/pull/8634/commits/65907c97620e2824ffbd008db54a98d9ee1a1060
https://github.com/RasmusWL
Python: Adjust Xxe/XmlBomb for Pythonhttps://github.com/github/codeql/pull/8634/commits/e45f9d69ccb44a2109518f3c8334e21f5c193a43
e45f9d6https://github.com/github/codeql/pull/8634/commits/e45f9d69ccb44a2109518f3c8334e21f5c193a43
https://github.com/RasmusWL
Python: Add simple test of Xxe/XmlBombhttps://github.com/github/codeql/pull/8634/commits/91795b857756a4912e6a280e4e53f65f4fbaf76a
91795b8https://github.com/github/codeql/pull/8634/commits/91795b857756a4912e6a280e4e53f65f4fbaf76a
https://github.com/RasmusWL
Python: Adjust XXE PoC for newer lxml versionshttps://github.com/github/codeql/pull/8634/commits/a1d88e39a77f4c16ca0e292ca5e6311828745b2e
a1d88e3https://github.com/github/codeql/pull/8634/commits/a1d88e39a77f4c16ca0e292ca5e6311828745b2e
https://github.com/RasmusWL
Python: XXE: Add example of exfiltrating data through dtd-retrivalhttps://github.com/github/codeql/pull/8634/commits/57b97804283545dbe986c019660ae5171ba8e7ed
57b9780https://github.com/github/codeql/pull/8634/commits/57b97804283545dbe986c019660ae5171ba8e7ed
https://github.com/RasmusWL
Python: Add taint for StringIO and BytesIOhttps://github.com/github/codeql/pull/8634/commits/769f5691d08dd8288e4eb6432e163b0a53c8ac21
769f569https://github.com/github/codeql/pull/8634/commits/769f5691d08dd8288e4eb6432e163b0a53c8ac21
https://github.com/RasmusWL
Python: Delete XmlEntityInjection.qlhttps://github.com/github/codeql/pull/8634/commits/c3653378671f7e8c39c20993f16f64224945bf97
c365337https://github.com/github/codeql/pull/8634/commits/c3653378671f7e8c39c20993f16f64224945bf97
https://github.com/RasmusWL
Python: Adjust XXE qhelphttps://github.com/github/codeql/pull/8634/commits/b00766b054d1b58a06dce48bd631a5b0eaacb7b7
b00766bhttps://github.com/github/codeql/pull/8634/commits/b00766b054d1b58a06dce48bd631a5b0eaacb7b7
https://github.com/RasmusWL
Python: Adjust XmlBomb.qhelp from JShttps://github.com/github/codeql/pull/8634/commits/56b9c891d85636c543bf9529dd7b191908248be7
56b9c89https://github.com/github/codeql/pull/8634/commits/56b9c891d85636c543bf9529dd7b191908248be7
https://github.com/RasmusWL
Python: Add PortSwigger link to Xxe.qhelphttps://github.com/github/codeql/pull/8634/commits/9caf4be21be7370a0317ae44205dfb35a5169073
9caf4behttps://github.com/github/codeql/pull/8634/commits/9caf4be21be7370a0317ae44205dfb35a5169073
https://github.com/RasmusWL
Python: Promote XMLParsing concepthttps://github.com/github/codeql/pull/8634/commits/e005a5c0ab7409ebb6fb0002cdc7ab11a1b54bd1
e005a5chttps://github.com/github/codeql/pull/8634/commits/e005a5c0ab7409ebb6fb0002cdc7ab11a1b54bd1
https://github.com/RasmusWL
Python: => XMLParsingVulnerabilityKindhttps://github.com/github/codeql/pull/8634/commits/e45288e812a0cd0f87cb909768b60847ec5aa997
e45288ehttps://github.com/github/codeql/pull/8634/commits/e45288e812a0cd0f87cb909768b60847ec5aa997
https://github.com/RasmusWL
Python: Promote XMLParsing concept testhttps://github.com/github/codeql/pull/8634/commits/35ccba2ec10b2610969ac790d8ca8fa76a282ad9
35ccba2https://github.com/github/codeql/pull/8634/commits/35ccba2ec10b2610969ac790d8ca8fa76a282ad9
https://github.com/RasmusWL
Python: Make XMLParsing a Decoding subclasshttps://github.com/github/codeql/pull/8634/commits/1ea4bcc59f4ccbfe02e454ae3223a8fa34ac33e3
1ea4bcchttps://github.com/github/codeql/pull/8634/commits/1ea4bcc59f4ccbfe02e454ae3223a8fa34ac33e3
https://github.com/RasmusWL
Python: Rename lxml XPath testshttps://github.com/github/codeql/pull/8634/commits/c4473c5f6506e6dcb8e6736f7d3ddd0acea022d4
c4473c5https://github.com/github/codeql/pull/8634/commits/c4473c5f6506e6dcb8e6736f7d3ddd0acea022d4
https://github.com/RasmusWL
Python: Handle XMLParser().close() for XPathhttps://github.com/github/codeql/pull/8634/commits/3040adfd9bdc26a0c54ef04453a1c8b2420bb4c5
3040adfhttps://github.com/github/codeql/pull/8634/commits/3040adfd9bdc26a0c54ef04453a1c8b2420bb4c5
https://github.com/RasmusWL
Python: Promote lxml parsing modelinghttps://github.com/github/codeql/pull/8634/commits/80b5cde3a2d3123029630450e41475f89253938c
80b5cdehttps://github.com/github/codeql/pull/8634/commits/80b5cde3a2d3123029630450e41475f89253938c
https://github.com/RasmusWL
Python: Promote xmltodict modelinghttps://github.com/github/codeql/pull/8634/commits/7f5f7679f8f9f14db7fac551bfb6071c08c41767
7f5f767https://github.com/github/codeql/pull/8634/commits/7f5f7679f8f9f14db7fac551bfb6071c08c41767
https://github.com/RasmusWL
Python: Promote xml.etree modelinghttps://github.com/github/codeql/pull/8634/commits/64aa503cc3b6374744efbaa2d6f4c322d03a3faa
64aa503https://github.com/github/codeql/pull/8634/commits/64aa503cc3b6374744efbaa2d6f4c322d03a3faa
https://github.com/RasmusWL
Python: Add some links in QLDocshttps://github.com/github/codeql/pull/8634/commits/a315aa84b2bdfad3cd3196336bbc1bc6fc658415
a315aa8https://github.com/github/codeql/pull/8634/commits/a315aa84b2bdfad3cd3196336bbc1bc6fc658415
https://github.com/RasmusWL
Python: Add note about parseid/XMLIDhttps://github.com/github/codeql/pull/8634/commits/6774085e7af76b7faa952d2b23cbc9232a57273d
6774085https://github.com/github/codeql/pull/8634/commits/6774085e7af76b7faa952d2b23cbc9232a57273d
https://github.com/RasmusWL
Python: Model lxml.etree.XMLIDhttps://github.com/github/codeql/pull/8634/commits/12cbdcde284e4e8fbce7a02ae0f65cedeee7e4eb
12cbdcdhttps://github.com/github/codeql/pull/8634/commits/12cbdcde284e4e8fbce7a02ae0f65cedeee7e4eb
https://github.com/RasmusWL
Python: Model lxml.iterparsehttps://github.com/github/codeql/pull/8634/commits/386ff5361415f17c248285300de71ca735e92f7a
386ff53https://github.com/github/codeql/pull/8634/commits/386ff5361415f17c248285300de71ca735e92f7a
https://github.com/RasmusWL
Python: Model file access from XML parsinghttps://github.com/github/codeql/pull/8634/commits/543454eff234ac2d403b932cb82b38309dea8002
543454ehttps://github.com/github/codeql/pull/8634/commits/543454eff234ac2d403b932cb82b38309dea8002
https://github.com/RasmusWL
Python: Add test showing misalignment of xml.etree modelinghttps://github.com/github/codeql/pull/8634/commits/db43d043c4cdd59c65424f20fdcdc0a7d79a632c
db43d04https://github.com/github/codeql/pull/8634/commits/db43d043c4cdd59c65424f20fdcdc0a7d79a632c
https://github.com/RasmusWL
Python: Merge xml.etree.ElementTree modelshttps://github.com/github/codeql/pull/8634/commits/70b3eecdd506fcb2e17f3eb027e7b05073c257df
70b3eechttps://github.com/github/codeql/pull/8634/commits/70b3eecdd506fcb2e17f3eb027e7b05073c257df
https://github.com/RasmusWL
Python: Align xml.etree.ElementTree modelinghttps://github.com/github/codeql/pull/8634/commits/05bb0ef97688627eacd4b6ed247b84a707385ed5
05bb0efhttps://github.com/github/codeql/pull/8634/commits/05bb0ef97688627eacd4b6ed247b84a707385ed5
https://github.com/RasmusWL
Python: Promote xml.sax and xml.dom.* modelinghttps://github.com/github/codeql/pull/8634/commits/e11269715dc55e3509625489267601b736c324f1
e112697https://github.com/github/codeql/pull/8634/commits/e11269715dc55e3509625489267601b736c324f1
https://github.com/RasmusWL
Python: xml.sax.parse is not a method callhttps://github.com/github/codeql/pull/8634/commits/1d7cec60ae09489618b7e561845b5a361c274583
1d7cec6https://github.com/github/codeql/pull/8634/commits/1d7cec60ae09489618b7e561845b5a361c274583
https://github.com/RasmusWL
Python: Extend FileSystemAccess for xml.sax and xml.dom.* parsinghttps://github.com/github/codeql/pull/8634/commits/b4c0065aeb160839129d25cc3ee1818564670d21
b4c0065https://github.com/github/codeql/pull/8634/commits/b4c0065aeb160839129d25cc3ee1818564670d21
https://github.com/RasmusWL
RasmusWLhttps://github.com/RasmusWL
Apr 5, 2022 https://github.com/github/codeql/pull/8634#ref-pullrequest-1192955603
Python: Rewrite concepts to use extends ... instanceof ... #8668 https://github.com/github/codeql/pull/8668
RasmusWLhttps://github.com/RasmusWL
April 6, 2022 12:56https://github.com/github/codeql/pull/8634#commits-pushed-23637fd
https://github.com/RasmusWL
Merge branch 'main' into promote-xxehttps://github.com/github/codeql/pull/8634/commits/23637fd691ceb60f44abaf9abd63b157c948d610
23637fdhttps://github.com/github/codeql/pull/8634/commits/23637fd691ceb60f44abaf9abd63b157c948d610
https://github.com/RasmusWL
Python: Rename more XML classes to follow conventionhttps://github.com/github/codeql/pull/8634/commits/c784f15762b8ea2f749e1f3d92fe29d498b63de3
c784f15https://github.com/github/codeql/pull/8634/commits/c784f15762b8ea2f749e1f3d92fe29d498b63de3
https://github.com/RasmusWL
Python: Use new API::CallNode for XML constant checkhttps://github.com/github/codeql/pull/8634/commits/f2f0873d911dc9bb685fa708707e3f4c1de6fc9d
f2f0873https://github.com/github/codeql/pull/8634/commits/f2f0873d911dc9bb685fa708707e3f4c1de6fc9d
https://github.com/RasmusWL
RasmusWLhttps://github.com/RasmusWL
Apr 6, 2022https://github.com/github/codeql/pull/8634#issuecomment-1090298819
Please reload this pagehttps://github.com/github/codeql/pull/8634
https://github.com/RasmusWL
Python: Change XmlBomb vulnerability kindhttps://github.com/github/codeql/pull/8634/commits/7728b6cf1b750eadf462606dbc3ca0660e86417d
7728b6chttps://github.com/github/codeql/pull/8634/commits/7728b6cf1b750eadf462606dbc3ca0660e86417d
https://github.com/RasmusWL
RasmusWLhttps://github.com/RasmusWL
April 7, 2022 13:30https://github.com/github/codeql/pull/8634#event-6388606860
RasmusWLhttps://github.com/RasmusWL
April 7, 2022 15:37https://github.com/github/codeql/pull/8634#commits-pushed-405480c
https://github.com/RasmusWL
Python: Rename sink definitions for XXE/XML bombhttps://github.com/github/codeql/pull/8634/commits/405480c41045f943e025aa7d21a33b971b231cf2
405480chttps://github.com/github/codeql/pull/8634/commits/405480c41045f943e025aa7d21a33b971b231cf2
https://github.com/RasmusWL
Python: Move last XXE/XML bomb out of experimentalhttps://github.com/github/codeql/pull/8634/commits/8191be9d7506bec7909a19f001276d2716d4f600
8191be9https://github.com/github/codeql/pull/8634/commits/8191be9d7506bec7909a19f001276d2716d4f600
https://github.com/RasmusWL
Python: Fix SimpleXmlRpcServer.expectedhttps://github.com/github/codeql/pull/8634/commits/517444b5ff3067a178c57bdda5d523bd8c16316c
517444bhttps://github.com/github/codeql/pull/8634/commits/517444b5ff3067a178c57bdda5d523bd8c16316c
https://github.com/RasmusWL
Merge branch 'main' into promote-xxehttps://github.com/github/codeql/pull/8634/commits/bb6969a1753e18f997cfde4e055efe5cc92a9856
bb6969ahttps://github.com/github/codeql/pull/8634/commits/bb6969a1753e18f997cfde4e055efe5cc92a9856
https://github.com/RasmusWL
RasmusWLhttps://github.com/RasmusWL
April 20, 2022 11:48https://github.com/github/codeql/pull/8634#event-6462488658
https://github.com/RasmusWL
RasmusWLhttps://github.com/RasmusWL
Apr 22, 2022https://github.com/github/codeql/pull/8634#issuecomment-1106201158
Please reload this pagehttps://github.com/github/codeql/pull/8634
RasmusWLhttps://github.com/RasmusWL
May 2, 2022 11:25https://github.com/github/codeql/pull/8634#commits-pushed-5f01fc2
https://github.com/RasmusWL
Merge branch 'main' into promote-xxehttps://github.com/github/codeql/pull/8634/commits/5f01fc24e42967cecdc3eb27385234fcd51d6963
5f01fc2https://github.com/github/codeql/pull/8634/commits/5f01fc24e42967cecdc3eb27385234fcd51d6963
https://github.com/RasmusWL
Python: Refactor SaxParserSetFeatureCallhttps://github.com/github/codeql/pull/8634/commits/714465bf39d97e31aa6f0a7aa01c57e16f3c3078
714465bhttps://github.com/github/codeql/pull/8634/commits/714465bf39d97e31aa6f0a7aa01c57e16f3c3078
@erik-kroghhttps://github.com/erik-krogh
https://github.com/github/codeql/pull/8693/files#diff-9627c1fb9a1cc77fb93e6b7e31af1a4fa908f2a60362cfb34377d24debb97398https://github.com/github/codeql/pull/8693/files#diff-9627c1fb9a1cc77fb93e6b7e31af1a4fa908f2a60362cfb34377d24debb97398
https://github.com/yoff
yoffhttps://github.com/yoff
May 5, 2022 https://github.com/github/codeql/pull/8634#pullrequestreview-963157395
View reviewed changes https://github.com/github/codeql/pull/8634/files/714465bf39d97e31aa6f0a7aa01c57e16f3c3078
yoffhttps://github.com/yoff
https://github.com/github/codeql/pull/8634#pullrequestreview-963157395
Learn morehttps://docs.github.com/articles/managing-disruptive-comments/#hiding-a-comment
Please reload this pagehttps://github.com/github/codeql/pull/8634
python/ql/src/Security/CWE-776/XmlBomb.qhelphttps://github.com/github/codeql/pull/8634/files/714465bf39d97e31aa6f0a7aa01c57e16f3c3078#diff-07b39fdc090c761b185294759307cd9e7b9dbfe7aefda97d29d6027d7424e4e9
Please reload this pagehttps://github.com/github/codeql/pull/8634
python/ql/lib/change-notes/2022-03-29-add-taint-for-StringIO.mdhttps://github.com/github/codeql/pull/8634/files/714465bf39d97e31aa6f0a7aa01c57e16f3c3078#diff-453f60209bf9860dd9b7e884e3ce558327da95b1edcbb5f753ab729a3aa4c887
Please reload this pagehttps://github.com/github/codeql/pull/8634
python/ql/lib/semmle/python/frameworks/Lxml.qllhttps://github.com/github/codeql/pull/8634/files/714465bf39d97e31aa6f0a7aa01c57e16f3c3078#diff-697c08d6bbeec88084fb0d09c2d3124a5fb8ca61821dfdc66caa40b862819fe3
yoffhttps://github.com/yoff
May 5, 2022https://github.com/github/codeql/pull/8634#discussion_r865968608
Learn morehttps://docs.github.com/articles/managing-disruptive-comments/#hiding-a-comment
Please reload this pagehttps://github.com/github/codeql/pull/8634
https://github.com/RasmusWL
RasmusWLhttps://github.com/RasmusWL
May 9, 2022https://github.com/github/codeql/pull/8634#issuecomment-1120822733
https://github.com/github/codeql/blob/714465bf39d97e31aa6f0a7aa01c57e16f3c3078/python/PoCs/XmlParsing/PoC.pyhttps://github.com/github/codeql/blob/714465bf39d97e31aa6f0a7aa01c57e16f3c3078/python/PoCs/XmlParsing/PoC.py
Please reload this pagehttps://github.com/github/codeql/pull/8634
RasmusWLhttps://github.com/RasmusWL
May 9, 2022 10:53https://github.com/github/codeql/pull/8634#commits-pushed-f5854f3
https://github.com/RasmusWL
https://github.com/yoff
Python: Apply suggestions from code reviewhttps://github.com/github/codeql/pull/8634/commits/f5854f33da4a51c39e4a6bccb778393d92e29efe
f5854f3https://github.com/github/codeql/pull/8634/commits/f5854f33da4a51c39e4a6bccb778393d92e29efe
https://github.com/RasmusWL
Python: Slight refactor of LxmlParsinghttps://github.com/github/codeql/pull/8634/commits/f22bd039f3014cb00e2f6211b686f5b2fc9198fd
f22bd03https://github.com/github/codeql/pull/8634/commits/f22bd039f3014cb00e2f6211b686f5b2fc9198fd
https://github.com/apps/github-advanced-security
github-advanced-securityhttps://github.com/apps/github-advanced-security
May 9, 2022 https://github.com/github/codeql/pull/8634#pullrequestreview-965811330
View reviewed changes https://github.com/github/codeql/pull/8634/files/f5854f33da4a51c39e4a6bccb778393d92e29efe
github-advanced-securityhttps://github.com/apps/github-advanced-security
https://github.com/github/codeql/pull/8634#pullrequestreview-965811330
Learn morehttps://docs.github.com/articles/managing-disruptive-comments/#hiding-a-comment
Please reload this pagehttps://github.com/github/codeql/pull/8634
python/ql/lib/semmle/python/frameworks/Stdlib.qllhttps://github.com/github/codeql/pull/8634/files/f5854f33da4a51c39e4a6bccb778393d92e29efe#diff-cac9a82bbea79b64358a082adcd1d176aa565091e6c6391c3b61cbb1bf784971
Please reload this pagehttps://github.com/github/codeql/pull/8634
python/ql/lib/semmle/python/frameworks/Stdlib.qllhttps://github.com/github/codeql/pull/8634/files/f5854f33da4a51c39e4a6bccb778393d92e29efe#diff-cac9a82bbea79b64358a082adcd1d176aa565091e6c6391c3b61cbb1bf784971
python/ql/lib/semmle/python/frameworks/Stdlib.qllhttps://github.com/github/codeql/pull/8634/files/f5854f33da4a51c39e4a6bccb778393d92e29efe#diff-cac9a82bbea79b64358a082adcd1d176aa565091e6c6391c3b61cbb1bf784971
python/ql/test/experimental/meta/ConceptsTest.qllhttps://github.com/github/codeql/pull/8634/files/f5854f33da4a51c39e4a6bccb778393d92e29efe#diff-3b8283245699453d7bcadeac6ce20139bacb391c1453a5ddff95995e75eb51c0
Please reload this pagehttps://github.com/github/codeql/pull/8634
python/ql/lib/semmle/python/frameworks/Stdlib.qllhttps://github.com/github/codeql/pull/8634/files/f5854f33da4a51c39e4a6bccb778393d92e29efe#diff-cac9a82bbea79b64358a082adcd1d176aa565091e6c6391c3b61cbb1bf784971
Please reload this pagehttps://github.com/github/codeql/pull/8634
RasmusWLhttps://github.com/RasmusWL
May 9, 2022 11:00https://github.com/github/codeql/pull/8634#commits-pushed-3634922
https://github.com/RasmusWL
Python: Fix casing of XMLDomParsinghttps://github.com/github/codeql/pull/8634/commits/36349222a9561c6996fbd6f2e30ab8580313e5ac
3634922https://github.com/github/codeql/pull/8634/commits/36349222a9561c6996fbd6f2e30ab8580313e5ac
https://github.com/RasmusWL
Python: Fix singleton sethttps://github.com/github/codeql/pull/8634/commits/de05b108faaa469952bf8d83cfa0f2b5d6e086b4
de05b10https://github.com/github/codeql/pull/8634/commits/de05b108faaa469952bf8d83cfa0f2b5d6e086b4
https://github.com/RasmusWL
RasmusWLhttps://github.com/RasmusWL
May 9, 2022https://github.com/github/codeql/pull/8634#issuecomment-1120839368
Please reload this pagehttps://github.com/github/codeql/pull/8634
https://github.com/RasmusWL
RasmusWLhttps://github.com/RasmusWL
yoffhttps://github.com/yoff
May 9, 2022 09:52https://github.com/github/codeql/pull/8634#event-6571759631
https://github.com/yoff
yoffhttps://github.com/yoff
May 9, 2022 https://github.com/github/codeql/pull/8634#pullrequestreview-966023200
View reviewed changes https://github.com/github/codeql/pull/8634/files/de05b108faaa469952bf8d83cfa0f2b5d6e086b4
yoffhttps://github.com/yoff
https://github.com/github/codeql/pull/8634#pullrequestreview-966023200
Learn morehttps://docs.github.com/articles/managing-disruptive-comments/#hiding-a-comment
Please reload this pagehttps://github.com/github/codeql/pull/8634
python/ql/lib/semmle/python/frameworks/Stdlib.qllhttps://github.com/github/codeql/pull/8634/files/de05b108faaa469952bf8d83cfa0f2b5d6e086b4#diff-cac9a82bbea79b64358a082adcd1d176aa565091e6c6391c3b61cbb1bf784971
Please reload this pagehttps://github.com/github/codeql/pull/8634
https://github.com/RasmusWL
https://github.com/yoff
Python: Apply suggestions from code reviewhttps://github.com/github/codeql/pull/8634/commits/4a6789182d4d4d18526e05d05cf3028c3a59b92c
4a67891https://github.com/github/codeql/pull/8634/commits/4a6789182d4d4d18526e05d05cf3028c3a59b92c
https://github.com/RasmusWL
RasmusWLhttps://github.com/RasmusWL
yoffhttps://github.com/yoff
May 9, 2022 14:37https://github.com/github/codeql/pull/8634#event-6573784747
https://github.com/yoff
yoffhttps://github.com/yoff
May 9, 2022 https://github.com/github/codeql/pull/8634#pullrequestreview-966758612
View reviewed changes https://github.com/github/codeql/pull/8634/files/4a6789182d4d4d18526e05d05cf3028c3a59b92c
yoffhttps://github.com/yoff
https://github.com/github/codeql/pull/8634#pullrequestreview-966758612
Learn morehttps://docs.github.com/articles/managing-disruptive-comments/#hiding-a-comment
Please reload this pagehttps://github.com/github/codeql/pull/8634
https://github.com/yoff
yoffhttps://github.com/yoff
b6605bchttps://github.com/github/codeql/commit/b6605bc33098657f6ec81da8e1304839c4ae25ad
May 9, 2022https://github.com/github/codeql/pull/8634#event-6575871569
https://github.com/RasmusWL
RasmusWLhttps://github.com/RasmusWL
May 10, 2022 08:46https://github.com/github/codeql/pull/8634#event-6580002341
Sign up for freehttps://github.com/join?source=comment-repo
Sign in to commenthttps://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fgithub%2Fcodeql%2Fpull%2F8634
https://github.com/yoff
yoff https://github.com/yoff
https://github.com/github/codeql/pull/8634/files/4a6789182d4d4d18526e05d05cf3028c3a59b92c
documentation https://github.com/github/codeql/issues?q=state%3Aopen%20label%3Adocumentation
Python https://github.com/github/codeql/issues?q=state%3Aopen%20label%3APython
Please reload this pagehttps://github.com/github/codeql/pull/8634
https://github.com/RasmusWL
https://github.com/yoff
https://github.com
Termshttps://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacyhttps://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Securityhttps://github.com/security
Statushttps://www.githubstatus.com/
Communityhttps://github.community/
Docshttps://docs.github.com/
Contacthttps://support.github.com?tags=dotcom-footer

Viewport: width=device-width

URLs of crawlers that visited me.