# defusedxml
#
# Copyright (c) 2013 by Christian Heimes <christian@python.org>
# Licensed to PSF under a Contributor Agreement.
# See https://www.python.org/psf/license for licensing details.
"""Defused xml.sax.expatreader
"""
from __future__ import print_function, absolute_import
from xml.sax.expatreader import ExpatParser as _ExpatParser
from .common import DTDForbidden, EntitiesForbidden, ExternalReferenceForbidden
# Dotted name of the standard-library module whose parser this module wraps
# (the same module ExpatParser is imported from above).
__origin__ = "xml.sax.expatreader"
class DefusedExpatParser(_ExpatParser):
    """SAX driver for pyexpat that refuses selected XML constructs.

    The class extends ``xml.sax.expatreader.ExpatParser``. Three flags decide
    which expat callbacks are replaced by handlers that raise instead of
    processing the construct:

    * ``forbid_dtd`` (default ``False``): a DOCTYPE declaration raises
      ``DTDForbidden``.
    * ``forbid_entities`` (default ``True``): an entity declaration raises
      ``EntitiesForbidden``.
    * ``forbid_external`` (default ``True``): an external entity reference
      raises ``ExternalReferenceForbidden``.

    Security notes:

    * DTDs are allowed by default. A document carrying a DOCTYPE is only
      rejected when it also declares an entity or references an external
      one; callers that never need a DTD can pass ``forbid_dtd=True``.
    * The flags are read when ``reset()`` runs, so changing an attribute
      afterwards does not alter handlers already installed on the current
      ``self._parser``.
    """

    def __init__(
        self,
        namespaceHandling=0,
        bufsize=2 ** 16 - 20,
        forbid_dtd=False,
        forbid_entities=True,
        forbid_external=True,
    ):
        """Create the parser and record the three restriction flags.

        ``namespaceHandling`` and ``bufsize`` are passed to the base class
        unchanged; the ``forbid_*`` values are only stored here and take
        effect in ``reset()``.
        """
        super().__init__(namespaceHandling, bufsize)
        self.forbid_dtd = forbid_dtd
        self.forbid_entities = forbid_entities
        self.forbid_external = forbid_external

    def defused_start_doctype_decl(self, name, sysid, pubid, has_internal_subset):
        """Reject a DOCTYPE declaration by raising ``DTDForbidden``.

        ``has_internal_subset`` is accepted to match the expat callback
        signature but is not included in the exception.
        """
        raise DTDForbidden(name, sysid, pubid)

    def defused_entity_decl(
        self, name, is_parameter_entity, value, base, sysid, pubid, notation_name
    ):
        """Reject an entity declaration by raising ``EntitiesForbidden``.

        ``is_parameter_entity`` is not forwarded, so the exception is built
        the same way whether or not that argument is set.
        """
        raise EntitiesForbidden(name, value, base, sysid, pubid, notation_name)

    def defused_unparsed_entity_decl(self, name, base, sysid, pubid, notation_name):
        """Reject an unparsed entity declaration (the expat 1.2 callback).

        This callback carries no value, so ``None`` is passed in its place.
        """
        # expat 1.2
        raise EntitiesForbidden(name, None, base, sysid, pubid, notation_name)  # pragma: no cover

    def defused_external_entity_ref_handler(self, context, base, sysid, pubid):
        """Reject an external entity reference.

        Raises ``ExternalReferenceForbidden`` with the callback's arguments.
        """
        raise ExternalReferenceForbidden(context, base, sysid, pubid)

    def reset(self):
        """Reset the base parser, then install the enabled raising handlers.

        The handlers are assigned after ``super().reset()`` so that they
        replace whatever the base class put on ``self._parser``. A flag that
        is false leaves the corresponding base-class handler untouched.
        """
        super().reset()
        expat = self._parser

        # Optional: refuse any DOCTYPE declaration outright.
        if self.forbid_dtd:
            expat.StartDoctypeDeclHandler = self.defused_start_doctype_decl

        # Entity declarations, both the general and the unparsed callback.
        if self.forbid_entities:
            expat.EntityDeclHandler = self.defused_entity_decl
            expat.UnparsedEntityDeclHandler = self.defused_unparsed_entity_decl

        # References that would make the parser resolve an external entity.
        if self.forbid_external:
            expat.ExternalEntityRefHandler = self.defused_external_entity_ref_handler
def create_parser(*args, **kwargs):
    """Return a new ``DefusedExpatParser`` built from the given arguments.

    Positional and keyword arguments are forwarded unchanged, so the
    parser's own defaults (entities and external references forbidden,
    DTDs allowed) apply unless the caller overrides them.
    """
    # NOTE(review): presumably the factory looked up by xml.sax.make_parser;
    # confirm against the caller.
    parser = DefusedExpatParser(*args, **kwargs)
    return parser