category newQuery
  • Added a new query, rust/xxe, to detect XML external entity (XXE) vulnerabilities in Rust code that uses the libxml crate (bindings to C's libxml2). The query flags calls to libxml2 parsing functions with unsafe options (XML_PARSE_NOENT or XML_PARSE_DTDLOAD) when the XML input comes from a user-controlled source.