Deserialization

PyDefusedXml

defusedxml is a hardened XML parsing suite for Python. It ships drop-in replacements for the standard library parsers (xml.etree.ElementTree, xml.sax, xml.dom.minidom, xml.dom.pulldom, xml.dom.expatbuilder and xmlrpc; its lxml module is deprecated) that refuse entity declarations and external entity references and can optionally refuse the DTD altogether, which blocks XML external entity (XXE) attacks and entity-expansion denial of service ("billion laughs"). Using the defusedxml counterparts instead of the stock parsers is the recommended sanitizer for XML from untrusted sources.

Sanitizers (2)

.parse()  (Sanitizer)

Signature
defusedxml.ElementTree.parse(source, parser=None) -> ElementTree

Parses an XML file or file-like object with entity declarations and external references forbidden, so the result is free of XXE and entity-expansion payloads. The returned ElementTree is treated as sanitized. Note that defusedxml accepts DTDs by default (forbid_dtd=False, with forbid_entities=True and forbid_external=True); pass forbid_dtd=True to reject any document carrying a DOCTYPE outright.

tracks: return
.fromstring()  (Sanitizer)

Signature
defusedxml.ElementTree.fromstring(text, parser=None) -> Element

Parses XML from a string under the same hardening as .parse(). The returned root Element is treated as sanitized.

tracks: return
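
To make visible what the sanitizer classification above means, the following added example (not defusedxml's code and not part of this rule) reproduces defusedxml's hardening on top of the standard library: the expat handlers for entity declarations, external entity references and, optionally, the DOCTYPE are replaced with handlers that raise, so the entity-expansion and external-fetch code paths are never reached. The helper names (hardened_fromstring, classify, unsafe_text), the two exception classes and the sample documents are all constructed for this illustration; the keyword defaults copy defusedxml's (forbid_dtd=False, forbid_entities=True, forbid_external=True).

```python
"""Hardened XML parsing built on the stdlib, mirroring the technique defusedxml uses.

Added illustration, not defusedxml's own code: every name below is an assumption
made for this example.
"""
import xml.etree.ElementTree as ET
from xml.parsers import expat


class EntitiesForbidden(ValueError):
    """The document declared or referenced an entity; it is rejected."""


class DTDForbidden(ValueError):
    """A DOCTYPE appeared while forbid_dtd=True; the document is rejected."""


def hardened_fromstring(text, *, forbid_dtd=False, forbid_entities=True, forbid_external=True):
    """Parse XML text into an Element, refusing entity tricks before they can expand.

    Defaults copy defusedxml's: DTDs allowed, entity declarations and external
    references forbidden. Hypothetical helper, not a defusedxml API.
    """
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()

    # Ordinary tree construction: expat callbacks map 1:1 onto TreeBuilder.
    parser.StartElementHandler = builder.start      # (tag, attrs)
    parser.EndElementHandler = builder.end          # (tag)
    parser.CharacterDataHandler = builder.data      # (text)

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise DTDForbidden(f"DOCTYPE {name!r} is not allowed")

    def forbid_entity(name, *_):
        # Fires for internal entities (billion laughs) and for external general
        # entities such as <!ENTITY x SYSTEM "file:///...">, the classic XXE vector.
        raise EntitiesForbidden(f"entity declaration {name!r} is not allowed")

    def forbid_external_ref(context, base, sysid, pubid):
        raise EntitiesForbidden(f"external entity reference to {sysid!r} is not allowed")

    if forbid_dtd:
        parser.StartDoctypeDeclHandler = forbid_doctype
    if forbid_entities:
        parser.EntityDeclHandler = forbid_entity
        parser.UnparsedEntityDeclHandler = forbid_entity
    if forbid_external:
        parser.ExternalEntityRefHandler = forbid_external_ref

    # An exception raised inside a handler propagates out of Parse(), so the
    # document is abandoned at the first forbidden declaration.
    parser.Parse(text, True)
    return builder.close()


# Constructed sample documents for the demonstration (not taken from the page).
BENIGN = "<order id='7'><item>widget</item></order>"
INTERNAL_ENTITY = '<!DOCTYPE a [<!ENTITY x "secret">]><a>&x;</a>'
XXE = '<!DOCTYPE a [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><a>&xxe;</a>'
BILLION_LAUGHS = (
    '<!DOCTYPE lolz [<!ENTITY lol "lol">'
    '<!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">'
    '<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">'
    "]><lolz>&lol3;</lolz>"
)


def classify(text, **opts):
    """Return 'ok', 'entities' or 'dtd' for a document under the hardened parser."""
    try:
        hardened_fromstring(text, **opts)
    except EntitiesForbidden:
        return "entities"
    except DTDForbidden:
        return "dtd"
    return "ok"


def unsafe_text(text):
    """Root text as the stock xml.etree parser yields it: internal entities are expanded."""
    return ET.fromstring(text).text


if __name__ == "__main__":
    print("stock parser expands the entity to:", unsafe_text(INTERNAL_ENTITY))  # secret
    for name, doc in [("benign", BENIGN), ("internal entity", INTERNAL_ENTITY),
                      ("xxe", XXE), ("billion laughs", BILLION_LAUGHS)]:
        print(f"{name:16} default={classify(doc):8} forbid_dtd={classify(doc, forbid_dtd=True)}")
```

In production use the real defusedxml.ElementTree.parse / fromstring; the block only exposes the mechanism and shows why the stock xml.etree parser is not a sanitizer: it silently expands the declared entity, whereas the hardened parser rejects the same document before any expansion happens.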

Fully-Qualified Names

FQN          Field
defusedxml   fqns[0]

A wrong FQN yields 0 findings. Sanity check: temporarily change fqns to a garbage value and re-run; the rule must then report 0 results, which confirms the findings really depend on the defusedxml FQN.

Import

rule.py
from codepathfinder.go_rule import PyDefusedXml