How to use defusedxml - 10 common examples
To help you get started, we’ve selected a few defusedxml examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
kubernetes / test-infra / kettle / make_json.py View on Github 
def parse_junit(xml):
"""Generate failed tests as a series of dicts. Ignore skipped tests."""
# NOTE: this is modified from gubernator/view_build.py
try:
tree = ET.fromstring(xml)
except ET.ParseError:
print("Malformed xml, skipping")
return [] #return empty itterator to skip results for this test
# pylint: disable=redefined-outer-name
def make_result(name, time, failure_text):
if failure_text:
if time is None:
return {'name': name, 'failed': True, 'failure_text': failure_text}
return {'name': name, 'time': time, 'failed': True, 'failure_text': failure_text}
if time is None:
return {'name': name}
return {'name': name, 'time': time}<source>Reference1
http://localhost/badvulnerability.htm
Reference Name
<source>MISC
http://localhost2/reference_for_badvulnerability.pdf
Reference for a bad vulnerability
cpe:/a:component2:component2:1.0
"""
vulnerability = ElementTree.fromstring(finding_xml)
expected_references = 'name: Reference Name\nsource: Reference1\nurl: http://localhost/badvulnerability.htm\n\n'
expected_references += 'name: Reference for a bad vulnerability\nsource: MISC\n'
expected_references += 'url: http://localhost2/reference_for_badvulnerability.pdf\n\n'
testfile = TestFile('dp_finding.xml', finding_xml)
parser = DependencyCheckParser(testfile, Test())
finding = parser.get_finding_from_vulnerability(vulnerability,
'testfile.jar', Test())
self.assertEqual('testfile.jar | CVE-0000-0001', finding.title)
self.assertEqual('High', finding.severity)
self.assertEqual(
'Description of a bad vulnerability.',
finding.description)
self.assertEqual(expected_references, finding.references)
def parse_xml(self, xml, filename):
if not xml:
return # can't extract results from nothing!
try:
tree = ET.fromstring(xml)
except ET.ParseError, e:
logging.exception('parse_junit failed for %s', filename)
try:
tree = ET.fromstring(re.sub(r'[\x00\x80-\xFF]+', '?', xml))
except ET.ParseError, e:
if re.match(r'junit.*\.xml', os.path.basename(filename)):
self.failed.append(
('Gubernator Internal Fatal XML Parse Error', 0.0, str(e), filename, ''))
return
if tree.tag == 'testsuite':
self.handle_suite(tree, filename)
elif tree.tag == 'testsuites':
for testsuite in tree:
self.handle_suite(testsuite, filename)
else:
logging.error('unable to find failures, unexpected tag %s', tree.tag)def test_map_to_wmc(self):
""" /maps/1/wmc -> Test map WMC export
Make some assertions about the data structure produced
for serialization to a Web Map Context Document
"""
map_obj = Map.objects.all().first()
map_obj.set_default_permissions()
response = self.client.get(reverse('map_wmc', args=(map_obj.id,)))
self.assertEqual(response.status_code, 200)
# check specific XPaths
wmc = dlxml.fromstring(response.content)
namespace = '{http://www.opengis.net/context}'
title = '{ns}General/{ns}Title'.format(ns=namespace)
abstract = '{ns}General/{ns}Abstract'.format(ns=namespace)
self.assertIsNotNone(wmc.attrib.get('id'))
self.assertEqual(wmc.find(title).text, 'GeoNode Default Map')
self.assertEqual(
wmc.find(abstract).text,
'GeoNode default map abstract')def __init__(self, _conn, name="test", id=1, *args, **kwargs):
self._conn = _conn
self._state = [1, 1]
with open(os.path.join(CUR_PATH, "testdomain.xml")) as dom_xmlfile:
self.dom_xml = defusedxml.lxml.fromstring(dom_xmlfile.read())
self.set_id(id)
self.set_name(name)def testParameterEntity_doctype(self):
tree = _LXML.parse('../../xml_files_windows/xxep/parameterEntity_doctype.xml')
root = tree.getroot()
self.assertEquals(None, root.text)def testInternalSubset_ExternalPEReferenceInDTD(self):
with self.assertRaises(EntitiesForbidden):
tree = _LXML.parse('../../xml_files_windows/xxep/internalSubset_ExternalPEReferenceInDTD.xml')def testXXE(self):
with self.assertRaises(EntitiesForbidden):
tree = _LXML.parse('../../xml_files_windows/xxe/xxe.xml')def testXXE(self):
with self.assertRaises(EntitiesForbidden):
document = '../../xml_files_windows/xxe/xxe.xml'
doc = minidom.parse(document) def testURLInvocation_doctype(self):
#Reset the server back to "0"
r = requests.get(self._URL_+"/reset")
r = requests.get(self._URL_ +"/getCounter")
request_content = r.text.replace("\r\n","")
self.assertEqual("0", request_content)
document = '../../xml_files_windows/ssrf/url_invocation_doctype.xml'
doc = minidom.parse(document)
content = doc.documentElement.toxml()
#Check if a request has been made
r = requests.get(self._URL_ +"/getCounter")
request_content = r.text.replace("\r\n","")
self.assertEqual("0", request_content)
'''defusedxml
XML bomb protection for Python stdlib modules
Package Health Score
70 / 100Popular defusedxml functions
- defusedxml.cElementTree
- defusedxml.cElementTree.fromstring
- defusedxml.cElementTree.parse
- defusedxml.ElementTree
- defusedxml.ElementTree.Element
- defusedxml.ElementTree.fromstring
- defusedxml.ElementTree.parse
- defusedxml.ElementTree.ParseError
- defusedxml.ElementTree.SubElement
- defusedxml.ElementTree.tostring
- defusedxml.lxml
- defusedxml.lxml._etree
- defusedxml.lxml._etree.ElementTree
- defusedxml.lxml._etree.parse
- defusedxml.lxml.fromstring
- defusedxml.lxml.parse
- defusedxml.minidom.parse
- defusedxml.minidom.parseString
- defusedxml.pulldom.parse
- defusedxml.xmlrpc