Add defusedxml as an (optional) way to prevent XML-based attacks

Those attacks are DoS-only.
2024-11-22 09:14:23 +01:00 · 2018-07-08 17:07:26 +02:00 · 2018-07-08 17:07:26 +02:00 · f9bc022c96
commit f9bc022c96
parent 72e1fda18d
1 changed files with 4 additions and 1 deletions
--- a/libmat2/office.py
+++ b/libmat2/office.py
@ -4,8 +4,11 @@ import shutil
 import tempfile
 import datetime
 import zipfile
-import xml.etree.ElementTree as ET
 from typing import Dict, Set, Pattern
+try:  # protect against DoS
+    from defusedxml import ElementTree as ET
+except ImportError:
+    import xml.etree.ElementTree as ET


 from . import abstract, parser_factory