xmltodict parses XML into nested dicts (it uses expat under the hood). Entity expansion is disabled by default, but the module's parse() still hands whatever untrusted XML contains straight to the app as dict data. It is not a full XXE defense.
Source: xmltodict.parse(xml_input, encoding=None, expat=expat, process_namespaces=False, ...) -> dict
Parses XML to dict. Source for user-controlled XML content.
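To make the "entity expansion is disabled by default" point concrete, here is an added example (not xmltodict's code, and not part of this rule) that uses the stdlib expat parser directly, the same way xmltodict does, and mirrors its default of rejecting any entity declaration. The parse_flat and rejects_entities helpers, the EntityDeclarationRejected exception and the sample documents are all constructed for this illustration; the returned dict is still untrusted data exactly as the rule treats it.

```python
import xml.parsers.expat


class EntityDeclarationRejected(ValueError):
    """Raised when the document declares an entity and entities are not allowed."""


def parse_flat(xml_text: str, allow_entities: bool = False) -> dict:
    """Parse a flat XML document into {tag: text} with expat.

    Constructed stand-in for xmltodict.parse(): the default
    (allow_entities=False) refuses any <!ENTITY ...> declaration,
    which is how xmltodict disables entity expansion by default.
    """
    result = {}
    text_buf = []

    def start(name, attrs):
        # A new element starts: discard any text seen so far.
        text_buf.clear()

    def end(name):
        result[name] = "".join(text_buf).strip()
        text_buf.clear()

    def chars(data):
        text_buf.append(data)

    def entity_decl(*args):
        # Any entity declaration (internal or external) aborts the parse.
        raise EntityDeclarationRejected("entity declarations are not allowed")

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    if not allow_entities:
        parser.EntityDeclHandler = entity_decl
    parser.Parse(xml_text, True)
    return result


def rejects_entities(xml_text: str) -> bool:
    """True if the default (safe) parser refuses the document because it declares entities."""
    try:
        parse_flat(xml_text)
    except EntityDeclarationRejected:
        return True
    return False


# Constructed sample inputs.
PLAIN_DOC = "<item>hello</item>"
ENTITY_DOC = '<!DOCTYPE d [<!ENTITY e "x">]><d>&e;</d>'

if __name__ == "__main__":
    print(parse_flat(PLAIN_DOC))                       # {'item': 'hello'}
    print(rejects_entities(ENTITY_DOC))                # True
    print(parse_flat(ENTITY_DOC, allow_entities=True)) # {'d': 'x'}
```

The last call shows why the default matters: once entity declarations are accepted, expat expands them into the text the application receives, and the only thing standing between the document and the app is the parser configuration.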
| FQN | Field |
|---|---|
| xmltodict | fqns[0] |
A wrong FQN gives 0 findings. Sanity check: change fqns to a garbage value; the rule must then produce 0 results.
from codepathfinder.go_rule import PyXmltodict