Remove defusedxml support and document why

2018-09-05 18:41:08 +02:00 · 2018-09-05 18:41:08 +02:00 · 072ee1814d
parent 3649c0ccaf
commit 072ee1814d
2 changed files with 9 additions and 5 deletions
--- a/doc/implementation_notes.md
+++ b/doc/implementation_notes.md
@ -61,3 +61,11 @@ Images handling
 When possible, images are handled like PDF: rendered on a surface, then saved
 to the filesystem. This ensures that every metadata is removed.

+XML attacks
+-----------
+
+Since our thread model conveniently excludes files crafted to specifically
+bypass MAT2, fileformats containing harmful XML are out of our scope.
+But since MAT2 is using [etree](https://docs.python.org/3/library/xml.html#xml-vulnerabilities)
+to process XML, it's "only" vulnerable to DoS, and not memory corruption:
+odds are that the user will notice that the cleaning didn't succeed.
--- a/libmat2/office.py
+++ b/libmat2/office.py
@ -7,11 +7,7 @@ import zipfile
 import logging
 from typing import Dict, Set, Pattern

-try:  # protect against DoS
-    from defusedxml import ElementTree as ET  # type: ignore
-except ImportError:
-    import xml.etree.ElementTree as ET  # type: ignore
-
+import xml.etree.ElementTree as ET  # type: ignore

 from . import abstract, parser_factory