Pieter De Cremer (Semgrep)
It looks like Semgrep does not take the order of decorators into account currently: https://semgrep.dev/playground/s/pKLAZ While your regex is a nice workaround, I am reporting this as a bug/feature request...
Before merging, we will also need to move the file to the right directory in the dir structure.
Hi @coheigea, thanks for your report! It's on our to-do list to clean up these XXE rules, but it's not high priority right now. We have a set...
Yes! It will/should be! And we can submit a PR to update the OWASP cheatsheet to link to your rule as well!