1
0
mirror of synced 2024-11-22 09:14:23 +01:00

Add defusedxml as an (optional) way to prevent XML-based attacks

Those attacks are DoS-only.
This commit is contained in:
jvoisin 2018-07-08 17:07:26 +02:00
parent 72e1fda18d
commit f9bc022c96

View File

@ -4,8 +4,11 @@ import shutil
import tempfile
import datetime
import zipfile
import xml.etree.ElementTree as ET
from typing import Dict, Set, Pattern
try: # protect against DoS
from defusedxml import ElementTree as ET
except ImportError:
import xml.etree.ElementTree as ET
from . import abstract, parser_factory