How to use the defusedxml.minidom.parse function in defusedxml

To help you get started, we’ve selected a few defusedxml examples, based on popular ways it is used in public projects.


github RUB-NDS / DTD-Attacks / code / python / minidom / testDefusedMinidom.py View on Github external
def testXXE(self):
		"""Parsing the XXE sample file must be rejected with EntitiesForbidden."""
		# NOTE(review): the path is relative, so this presumably depends on the
		# working directory the suite is started from — confirm.
		xxe_sample = '../../xml_files_windows/xxe/xxe.xml'
		with self.assertRaises(EntitiesForbidden):
			minidom.parse(xxe_sample)
github RUB-NDS / DTD-Attacks / code / python / minidom / testDefusedMinidom.py View on Github external
def testURLInvocation_doctype(self):
		"""Parsing the DOCTYPE URL-invocation sample must not trigger a request.

		The counter endpoint is reset and read before parsing, then read again
		after the document has been parsed and serialised; both reads must
		return "0".
		"""
		def read_counter():
			# The endpoint's reply is compared with CRLF sequences removed.
			reply = requests.get(self._URL_ + "/getCounter")
			return reply.text.replace("\r\n", "")

		# Put the counter back to "0" and confirm the baseline.
		requests.get(self._URL_ + "/reset")
		self.assertEqual("0", read_counter())

		parsed = minidom.parse('../../xml_files_windows/ssrf/url_invocation_doctype.xml')
		# Serialise the root element as well, so the check below covers both
		# parsing and output.
		parsed.documentElement.toxml()

		# A counter that is still "0" means no request reached the server.
		self.assertEqual("0", read_counter())
	'''
github RUB-NDS / DTD-Attacks / code / python / minidom / testDefusedMinidom.py View on Github external
def testDOS_indirections(self):
		"""Parsing the entity-indirection DoS sample must raise EntitiesForbidden."""
		dos_sample = '../../xml_files_windows/dos/dos_indirections.xml'
		with self.assertRaises(EntitiesForbidden):
			minidom.parse(dos_sample)
github RUB-NDS / DTD-Attacks / code / python / minidom / testDefusedMinidom.py View on Github external
def testURLInvocation_noNamespaceSchemaLocation(self):
		"""Parsing the noNamespaceSchemaLocation sample must not trigger a request.

		The counter endpoint is reset and read before parsing, then read again
		after the document has been parsed and serialised; both reads must
		return "0".
		"""
		def read_counter():
			# The endpoint's reply is compared with CRLF sequences removed.
			reply = requests.get(self._URL_ + "/getCounter")
			return reply.text.replace("\r\n", "")

		# Put the counter back to "0" and confirm the baseline.
		requests.get(self._URL_ + "/reset")
		self.assertEqual("0", read_counter())

		parsed = minidom.parse('../../xml_files_windows/ssrf/url_invocation_noNamespaceSchemaLocation.xml')
		# Serialise the root element as well, so the check below covers both
		# parsing and output.
		parsed.documentElement.toxml()

		# A counter that is still "0" means no request reached the server.
		self.assertEqual("0", read_counter())
github RUB-NDS / DTD-Attacks / code / python / minidom / testDefusedMinidom.py View on Github external
def testInternalSubset_PEReferenceInDTD(self):
		"""Parsing the internal-subset PE-reference sample must raise EntitiesForbidden."""
		pe_sample = '../../xml_files_windows/xxep/internalSubset_PEReferenceInDTD.xml'
		with self.assertRaises(EntitiesForbidden):
			minidom.parse(pe_sample)
github RUB-NDS / DTD-Attacks / code / python / minidom / testDefusedMinidom.py View on Github external
def testXInclude(self):
		"""The root's first child must still be the literal xi:include element.

		The assertion checks the node name only, i.e. that the include element
		is present in the parsed tree under its own name.
		"""
		tree = minidom.parse('../../xml_files_windows/xinclude.xml')
		first_child = tree.documentElement.firstChild
		self.assertEqual("xi:include", first_child.nodeName)
github RUB-NDS / DTD-Attacks / code / python / minidom / testDefusedMinidom.py View on Github external
def testURLInvocation_XInclude(self):
		"""Parsing the XInclude URL-invocation sample must not trigger a request.

		The counter endpoint is reset and read before parsing, then read again
		after the document has been parsed and serialised; both reads must
		return "0".
		"""
		def read_counter():
			# The endpoint's reply is compared with CRLF sequences removed.
			reply = requests.get(self._URL_ + "/getCounter")
			return reply.text.replace("\r\n", "")

		# Put the counter back to "0" and confirm the baseline.
		requests.get(self._URL_ + "/reset")
		self.assertEqual("0", read_counter())

		parsed = minidom.parse('../../xml_files_windows/ssrf/url_invocation_xinclude.xml')
		# Serialise the root element as well, so the check below covers both
		# parsing and output.
		parsed.documentElement.toxml()

		# A counter that is still "0" means no request reached the server.
		self.assertEqual("0", read_counter())
github mozilla / amo-validator / validator / opensearch.py View on Github external
def detect_opensearch(err, package, listed=False):
    'Detect, parse, and validate an OpenSearch provider'

    # Parse the file.
    try:
        # Check if it is a file object.
        if hasattr(package, 'read'):
            srch_prov = parse(package)
        else:
            # It's not a file object; open it (the XML parser is bad at this).
            with open(package, 'rb') as package_file:
                srch_prov = parse(package_file)
    except DefusedXmlException:
        url = 'https://pypi.python.org/pypi/defusedxml/0.3#attack-vectors'
        err.error(
            err_id=('opensearch', 'security_error'),
            error='OpenSearch: XML Security Error',
            description='The OpenSearch extension could not be parsed due to '
                        'a security error in the XML. See {url} for more '
                        'info.'.format(url=url))
        return err
    except ExpatError:
        err.error(
            err_id=('opensearch', 'parse_error'),
github PyCQA / bandit / examples / xml_minidom.py View on Github external
# Paired example: each section calls the standard-library minidom entry point
# (aliased "bad") and the defusedxml one (aliased "good") on the same kind of input.
# NOTE(review): the inputs are placeholders (plain text, a file name that says it
# does not exist), so this looks like a static-analysis fixture rather than a
# script meant to be run — confirm.

# String input: xml.dom.minidom.parseString vs. defusedxml.minidom.parseString.
from xml.dom.minidom import parseString as badParseString
from defusedxml.minidom import parseString as goodParseString
# Standard-library parser, without defusedxml's entity/DTD restrictions.
a = badParseString("Some data some more data")
print(a)
# Same call through the defusedxml wrapper.
b = goodParseString("Some data some more data")
print(b)


# File input: xml.dom.minidom.parse vs. defusedxml.minidom.parse.
from xml.dom.minidom import parse as badParse
from defusedxml.minidom import parse as goodParse
# Standard-library parser, without defusedxml's entity/DTD restrictions.
a = badParse("somfilethatdoesntexist.xml")
print(a)
# Same call through the defusedxml wrapper.
b = goodParse("somefilethatdoesntexist.xml")
print(b)
github Antergos / Cnchi / src / misc / tz.py View on Github external
def __init__(self):
        """Start with an empty name table and fill it from ISO_3166_FILE.

        The file is parsed with minidom and its first 'iso_3166_entries'
        element is handed to handle_entries().
        """
        # NOTE(review): which module `minidom` is bound to is decided by the
        # file's imports, which are not shown here — confirm it is the
        # defusedxml one if ISO_3166_FILE can ever be attacker-influenced.
        self.names = {}
        iso_tree = minidom.parse(ISO_3166_FILE)
        entry_lists = iso_tree.getElementsByTagName('iso_3166_entries')
        self.handle_entries(entry_lists[0])