latiotech · pixeebot · Dec 20, 2024 · jit-ci · Dec 20, 2024 · jit-ci
@@ -4,6 +4,7 @@
 import sqlite3
 import requests
 from lxml import etree
+import lxml.etree
 
 # Example hardcoded AWS credentials (sensitive data leakage)
 aws_access_key_id = 'AKIA2JAPX77RGLB664VE'
@@ -68,7 +69,7 @@
             try:
                 # Use lxml to parse the XML data
                 parser = etree.XMLParser(load_dtd=True, resolve_entities=True)
-                tree = etree.fromstring(xml_data.encode(), parser)
+                tree = etree.fromstring(xml_data.encode(), parser, parser=lxml.etree.XMLParser(resolve_entities=False))
                 output = f"Parsed XML: {etree.tostring(tree, encoding='unicode')}"
             except Exception as e:
                 output = f"XML Parsing Error: {e}"