diff options
| author | Christian Heimes <christian@python.org> | 2013-02-15 00:55:56 +0100 |
|---|---|---|
| committer | Christian Heimes <christian@python.org> | 2013-02-15 00:55:56 +0100 |
| commit | d9d3b029413bf149e69374829882afa3f1c78821 (patch) | |
| tree | c24d259c950d8965ce68ac0c12fe80424318503a | |
| parent | a8e93374a9d6d91ab8d4f046236c2375d8ec2b3c (diff) | |
| download | defusedxml-git-d9d3b029413bf149e69374829882afa3f1c78821.tar.gz | |
add forbid_external to all classs and functions
| -rw-r--r-- | defusedxml/ElementTree.py | 6 | ||||
| -rw-r--r-- | defusedxml/common.py | 23 | ||||
| -rw-r--r-- | defusedxml/expatbuilder.py | 27 | ||||
| -rw-r--r-- | defusedxml/expatreader.py | 11 | ||||
| -rw-r--r-- | defusedxml/minidom.py | 17 | ||||
| -rw-r--r-- | defusedxml/pulldom.py | 7 | ||||
| -rw-r--r-- | defusedxml/sax.py | 7 |
7 files changed, 64 insertions, 34 deletions
diff --git a/defusedxml/ElementTree.py b/defusedxml/ElementTree.py index b55dd98..a2f1f58 100644 --- a/defusedxml/ElementTree.py +++ b/defusedxml/ElementTree.py @@ -64,7 +64,8 @@ if PY3: class DefusedXMLParser(_XMLParser): def __init__(self, html=0, target=None, encoding=None, - forbid_dtd=False, forbid_entities=True): + forbid_dtd=False, forbid_entities=True, + forbid_external=True): if PY26 or PY31: _XMLParser.__init__(self, html, target) else: @@ -72,6 +73,7 @@ class DefusedXMLParser(_XMLParser): _XMLParser.__init__(self, html, target, encoding) self.forbid_dtd = forbid_dtd self.forbid_entities = forbid_entities + self.forbid_external = forbid_external if PY3 and not PY31: parser = self.parser else: @@ -81,7 +83,7 @@ class DefusedXMLParser(_XMLParser): if self.forbid_entities: parser.EntityDeclHandler = self.defused_entity_decl parser.UnparsedEntityDeclHandler = self.defused_unparsed_entity_decl - if hasattr(parser.ExternalEntityRefHandler, "__call__"): + if self.forbid_external: parser.ExternalEntityRefHandler = self.defused_external_entity_ref_handler def defused_start_doctype_decl(self, name, sysid, pubid, diff --git a/defusedxml/common.py b/defusedxml/common.py index 0492304..04f7ca6 100644 --- a/defusedxml/common.py +++ b/defusedxml/common.py @@ -89,18 +89,20 @@ def _generate_etree_functions(DefusedXMLParser, _TreeBuilder, """Factory for functions needed by etree, dependent on whether cElementTree or ElementTree is used.""" - def parse(source, parser=None, forbid_dtd=False, forbid_entities=True): + def parse(source, parser=None, forbid_dtd=False, forbid_entities=True, + forbid_external=True): if parser is None: parser = DefusedXMLParser(target=_TreeBuilder(), forbid_dtd=forbid_dtd, - forbid_entities=forbid_entities) + forbid_entities=forbid_entities, + forbid_external=forbid_external) return _parse(source, parser) if PY26 or PY31: def unbound(f): return getattr(f, "__func__", f) def iterparse(source, events=None, forbid_dtd=False, - forbid_entities=True): + forbid_entities=True, forbid_external=True): it = _iterparse(source, events) parser = it._parser._parser if forbid_dtd: @@ -111,19 +113,22 @@ def _generate_etree_functions(DefusedXMLParser, _TreeBuilder, unbound(DefusedXMLParser.defused_entity_decl) parser.UnparsedEntityDeclHandler = \ unbound(DefusedXMLParser.defused_unparsed_entity_decl) - if hasattr(parser.ExternalEntityRefHandler, "__call__"): + if forbid_external: parser.ExternalEntityRefHandler = \ unbound(DefusedXMLParser.defused_external_entity_ref_handler) return it elif PY3: def iterparse(source, events=None, parser=None, forbid_dtd=False, - forbid_entities=True): + forbid_entities=True, forbid_external=True): close_source = False if not hasattr(source, "read"): source = open(source, "rb") close_source = True if not parser: - parser = DefusedXMLParser(target=_TreeBuilder()) + parser = DefusedXMLParser(target=_TreeBuilder(), + forbid_dtd=forbid_dtd, + forbid_entities=forbid_entities, + forbid_external=forbid_external) return _IterParseIterator(source, events, parser, close_source) else: # Python 2.7 @@ -133,10 +138,12 @@ def _generate_etree_functions(DefusedXMLParser, _TreeBuilder, parser = DefusedXMLParser(target=_TreeBuilder()) return _iterparse(source, events, parser) - def fromstring(text, forbid_dtd=False, forbid_entities=True): + def fromstring(text, forbid_dtd=False, forbid_entities=True, + forbid_external=True): parser = DefusedXMLParser(target=_TreeBuilder(), forbid_dtd=forbid_dtd, - forbid_entities=forbid_entities) + forbid_entities=forbid_entities, + forbid_external=forbid_external) parser.feed(text) return parser.close() diff --git a/defusedxml/expatbuilder.py b/defusedxml/expatbuilder.py index be99080..d81fd2f 100644 --- a/defusedxml/expatbuilder.py +++ b/defusedxml/expatbuilder.py @@ -17,10 +17,14 @@ __origin__ = "xml.dom.expatbuilder" class DefusedExpatBuilder(_ExpatBuilder): - def __init__(self, options=None, forbid_dtd=False, forbid_entities=True): + """Defused document builder""" + + def __init__(self, options=None, forbid_dtd=False, forbid_entities=True, + forbid_external=True): _ExpatBuilder.__init__(self, options) self.forbid_dtd = forbid_dtd self.forbid_entities = forbid_entities + self.forbid_external = forbid_external def defused_start_doctype_decl(self, name, sysid, pubid, has_internal_subset): @@ -48,12 +52,12 @@ class DefusedExpatBuilder(_ExpatBuilder): #if self._options.entities: parser.EntityDeclHandler = self.defused_entity_decl parser.UnparsedEntityDeclHandler = self.defused_unparsed_entity_decl - if hasattr(parser.ExternalEntityRefHandler, "__call__"): + if self.forbid_external: parser.ExternalEntityRefHandler = self.defused_external_entity_ref_handler class DefusedExpatBuilderNS(_Namespaces, DefusedExpatBuilder): - """Document builder that supports namespaces.""" + """Defused document builder that supports namespaces.""" def install(self, parser): DefusedExpatBuilder.install(self, parser) @@ -66,17 +70,19 @@ class DefusedExpatBuilderNS(_Namespaces, DefusedExpatBuilder): self._initNamespaces() -def parse(file, namespaces=True, forbid_dtd=False, forbid_entities=True): +def parse(file, namespaces=True, forbid_dtd=False, forbid_entities=True, + forbid_external=True): """Parse a document, returning the resulting Document node. 'file' may be either a file name or an open file object. """ if namespaces: - builder = DefusedExpatBuilderNS(forbid_dtd=forbid_dtd, - forbid_entities=forbid_entities) + build_builder = DefusedExpatBuilderNS else: - builder = DefusedExpatBuilder(forbid_dtd=forbid_dtd, - forbid_entities=forbid_entities) + build_builder = DefusedExpatBuilder + builder = build_builder(forbid_dtd=forbid_dtd, + forbid_entities=forbid_entities, + forbid_external=forbid_external) if isinstance(file, str): fp = open(file, 'rb') @@ -90,7 +96,7 @@ def parse(file, namespaces=True, forbid_dtd=False, forbid_entities=True): def parseString(string, namespaces=True, forbid_dtd=False, - forbid_entities=True): + forbid_entities=True, forbid_external=True): """Parse a document from a string, returning the resulting Document node. """ @@ -99,5 +105,6 @@ def parseString(string, namespaces=True, forbid_dtd=False, else: build_builder = DefusedExpatBuilder builder = build_builder(forbid_dtd=forbid_dtd, - forbid_entities=forbid_entities) + forbid_entities=forbid_entities, + forbid_external=forbid_external) return builder.parseString(string) diff --git a/defusedxml/expatreader.py b/defusedxml/expatreader.py index 946dad5..ef6bc39 100644 --- a/defusedxml/expatreader.py +++ b/defusedxml/expatreader.py @@ -16,12 +16,15 @@ __origin__ = "xml.sax.expatreader" class DefusedExpatParser(_ExpatParser): + """Defused SAX driver for the pyexpat C module.""" - def __init__(self, forbid_dtd=False, forbid_entities=True, - *args, **kwargs): - _ExpatParser.__init__(self, *args, **kwargs) + def __init__(self, namespaceHandling=0, bufsize=2 ** 16 - 20, + forbid_dtd=False, forbid_entities=True, + forbid_external=True): + _ExpatParser.__init__(self, namespaceHandling, bufsize) self.forbid_dtd = forbid_dtd self.forbid_entities = forbid_entities + self.forbid_external = forbid_external def defused_start_doctype_decl(self, name, sysid, pubid, has_internal_subset): @@ -48,7 +51,7 @@ class DefusedExpatParser(_ExpatParser): if self.forbid_entities: parser.EntityDeclHandler = self.defused_entity_decl parser.UnparsedEntityDeclHandler = self.defused_unparsed_entity_decl - if hasattr(parser.ExternalEntityRefHandler, "__call__"): + if self.forbid_external: parser.ExternalEntityRefHandler = self.defused_external_entity_ref_handler diff --git a/defusedxml/minidom.py b/defusedxml/minidom.py index d54586e..1ce6946 100644 --- a/defusedxml/minidom.py +++ b/defusedxml/minidom.py @@ -13,23 +13,28 @@ from . import pulldom as _pulldom __origin__ = "xml.dom.minidom" -def parse(file, parser=None, bufsize=None, forbid_dtd=False, forbid_entities=True): +def parse(file, parser=None, bufsize=None, forbid_dtd=False, + forbid_entities=True, forbid_external=True): """Parse a file into a DOM by filename or file object.""" if parser is None and not bufsize: return _expatbuilder.parse(file, forbid_dtd=forbid_dtd, - forbid_entities=forbid_entities) + forbid_entities=forbid_entities, + forbid_external=forbid_external) else: return _do_pulldom_parse(_pulldom.parse, (file,), {'parser': parser, 'bufsize': bufsize, - 'forbid_dtd': forbid_dtd, 'forbid_entities': forbid_entities}) + 'forbid_dtd': forbid_dtd, 'forbid_entities': forbid_entities, + 'forbid_external': forbid_external}) def parseString(string, parser=None, forbid_dtd=False, - forbid_entities=True): + forbid_entities=True, forbid_external=True): """Parse a file into a DOM from a string.""" if parser is None: return _expatbuilder.parseString(string, forbid_dtd=forbid_dtd, - forbid_entities=forbid_entities) + forbid_entities=forbid_entities, + forbid_external=forbid_external) else: return _do_pulldom_parse(_pulldom.parseString, (string,), {'parser': parser, 'forbid_dtd': forbid_dtd, - 'forbid_entities': forbid_entities}) + 'forbid_entities': forbid_entities, + 'forbid_external': forbid_external}) diff --git a/defusedxml/pulldom.py b/defusedxml/pulldom.py index b2ac820..fc9e466 100644 --- a/defusedxml/pulldom.py +++ b/defusedxml/pulldom.py @@ -15,17 +15,20 @@ __origin__ = "xml.dom.pulldom" def parse(stream_or_string, parser=None, bufsize=None, forbid_dtd=False, - forbid_entities=True): + forbid_entities=True, forbid_external=True): if parser is None: parser = make_parser() parser.forbid_dtd = forbid_dtd parser.forbid_entities = forbid_entities + parser.forbid_external = forbid_external return _parse(stream_or_string, parser, bufsize) -def parseString(string, parser=None, forbid_dtd=False, forbid_entities=True): +def parseString(string, parser=None, forbid_dtd=False, + forbid_entities=True, forbid_external=True): if parser is None: parser = make_parser() parser.forbid_dtd = forbid_dtd parser.forbid_entities = forbid_entities + parser.forbid_external = forbid_external return _parseString(string, parser) diff --git a/defusedxml/sax.py b/defusedxml/sax.py index d0fa646..17bba5d 100644 --- a/defusedxml/sax.py +++ b/defusedxml/sax.py @@ -15,17 +15,19 @@ from . import expatreader __origin__ = "xml.sax" def parse(source, handler, errorHandler=_ErrorHandler(), forbid_dtd=False, - forbid_entities=True): + forbid_entities=True, forbid_external=True): parser = make_parser() parser.setContentHandler(handler) parser.setErrorHandler(errorHandler) parser.forbid_dtd = forbid_dtd parser.forbid_entities = forbid_entities + parser.forbid_external = forbid_external parser.parse(source) def parseString(string, handler, errorHandler=_ErrorHandler(), - forbid_dtd=False, forbid_entities=True): + forbid_dtd=False, forbid_entities=True, + forbid_external=True): from io import BytesIO if errorHandler is None: @@ -35,6 +37,7 @@ def parseString(string, handler, errorHandler=_ErrorHandler(), parser.setErrorHandler(errorHandler) parser.forbid_dtd = forbid_dtd parser.forbid_entities = forbid_entities + parser.forbid_external = forbid_external inpsrc = _InputSource() inpsrc.setByteStream(BytesIO(string)) |