Add defusedxml as an (optional) way to prevent XML-based attacks
Those attacks are DoS-only.
This commit is contained in:
jvoisin
parent
72e1fda18d
commit
f9bc022c96
@ -4,8 +4,11 @@ import shutil
|
|||||||
import tempfile
|
import tempfile
|
||||||
import datetime
|
import datetime
|
||||||
import zipfile
|
import zipfile
|
||||||
import xml.etree.ElementTree as ET
|
|
||||||
from typing import Dict, Set, Pattern
|
from typing import Dict, Set, Pattern
|
||||||
|
try: # protect against DoS
|
||||||
|
from defusedxml import ElementTree as ET
|
||||||
|
except ImportError:
|
||||||
|
import xml.etree.ElementTree as ET
|
||||||
|
|
||||||
|
|
||||||
from . import abstract, parser_factory
|
from . import abstract, parser_factory
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user