SAST: how code analysis tools look for security flaws

Vulnerabilities due to XML files processing: XXE in C# applications in theory and in practice

How Visual Studio 2022 ate up 100 GB of memory and what XML bombs had to do with it