[Python-modules-commits] [defusedxml] 06/12: New upstream version 0.5.0
Jelmer Vernooij
jelmer at moszumanska.debian.org
Sun Jul 2 14:34:00 UTC 2017
This is an automated email from the git hooks/post-receive script.
jelmer pushed a commit to branch master
in repository defusedxml.
commit 0b25629644387c5e619e923a96f7031a222a3473
Author: Jelmer Vernooij <jelmer at debian.org>
Date: Sun Jul 2 14:19:05 2017 +0000
New upstream version 0.5.0
---
CHANGES.txt | 17 +++++
Makefile | 10 ++-
PKG-INFO | 32 +++++++---
README.html | 34 ++++++----
README.txt | 2 +-
PKG-INFO => defusedxml.egg-info/PKG-INFO | 32 +++++++---
defusedxml.egg-info/SOURCES.txt | 44 +++++++++++++
defusedxml.egg-info/dependency_links.txt | 1 +
defusedxml.egg-info/top_level.txt | 1 +
defusedxml/ElementTree.py | 48 +++++++-------
defusedxml/__init__.py | 5 +-
defusedxml/cElementTree.py | 9 ++-
defusedxml/common.py | 69 ++++-----------------
defusedxml/expatbuilder.py | 2 +-
defusedxml/lxml.py | 14 +++--
defusedxml/minidom.py | 12 ++--
defusedxml/sax.py | 2 +
defusedxml/xmlrpc.py | 33 +++++-----
setup.cfg | 12 ++++
setup.py | 21 ++++---
tests.py | 103 ++++++++++---------------------
21 files changed, 280 insertions(+), 223 deletions(-)
diff --git a/CHANGES.txt b/CHANGES.txt
index 214c562..b262ed9 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,6 +1,23 @@
Changelog
=========
+defusedxml 0.5.0
+----------------
+
+*Release date: 07-Feb-2017*
+
+- No changes
+
+defusedxml 0.5.0.rc1
+--------------------
+
+*Release date: 28-Jan-2017*
+
+- Add compatibility with Python 3.6
+- Drop support for Python 2.6, 3.1, 3.2, 3.3
+- Fix lxml tests (XMLSyntaxError: Detected an entity reference loop)
+
+
defusedxml 0.4.1
----------------
diff --git a/Makefile b/Makefile
index 051be30..51c0d82 100644
--- a/Makefile
+++ b/Makefile
@@ -7,7 +7,11 @@ PYTHONS=python2.6 python2.7 python3.1 python3.2 python3.3 python3.4
.PHONY: inplace all rebuild test_inplace test fulltests clean distclean
.PHONY: sdist install
-all: inplace README.html
+all: inplace README.html README.md
+
+README.md: README.txt CHANGES.txt
+ pandoc --from=rst --to=markdown README.txt > $@
+ pandoc --from=rst --to=markdown CHANGES.txt >> $@
README.html: README.txt CHANGES.txt void.css
@echo | cat README.txt - CHANGES.txt | \
@@ -54,8 +58,8 @@ whitespace:
xargs sed -i 's/[ \t]*$$//'
-sdist: README.html
- $(PYTHON) setup.py sdist --formats gztar,zip
+packages: README.html README.md
+ $(PYTHON) setup.py packages
install:
$(PYTHON) setup.py $(SETUPFLAGS) build $(COMPILEFLAGS)
diff --git a/PKG-INFO b/PKG-INFO
index 8659cab..a84d5a7 100644
--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,12 +1,12 @@
Metadata-Version: 1.1
Name: defusedxml
-Version: 0.4.1
+Version: 0.5.0
Summary: XML bomb protection for Python stdlib modules
-Home-page: https://bitbucket.org/tiran/defusedxml
+Home-page: https://github.com/tiran/defusedxml
Author: Christian Heimes
Author-email: christian at python.org
License: PSFL
-Download-URL: http://pypi.python.org/pypi/defusedxml
+Download-URL: https://pypi.python.org/pypi/defusedxml
Description: ===================================================
defusedxml -- defusing XML bombs and other exploits
===================================================
@@ -721,7 +721,7 @@ Description: ===================================================
License
=======
- Copyright (c) 2013 by Christian Heimes <christian at python.org>
+ Copyright (c) 2013-2017 by Christian Heimes <christian at python.org>
Licensed to PSF under a Contributor Agreement.
@@ -787,6 +787,23 @@ Description: ===================================================
Changelog
=========
+ defusedxml 0.5.0
+ ----------------
+
+ *Release date: 07-Feb-2017*
+
+ - No changes
+
+ defusedxml 0.5.0.rc1
+ --------------------
+
+ *Release date: 28-Jan-2017*
+
+ - Add compatibility with Python 3.6
+ - Drop support for Python 2.6, 3.1, 3.2, 3.3
+ - Fix lxml tests (XMLSyntaxError: Detected an entity reference loop)
+
+
defusedxml 0.4.1
----------------
@@ -848,10 +865,9 @@ Classifier: License :: OSI Approved :: Python Software Foundation License
Classifier: Natural Language :: English
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 2
-Classifier: Programming Language :: Python :: 2.6
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.1
-Classifier: Programming Language :: Python :: 3.2
-Classifier: Programming Language :: Python :: 3.3
+Classifier: Programming Language :: Python :: 3.4
+Classifier: Programming Language :: Python :: 3.5
+Classifier: Programming Language :: Python :: 3.6
Classifier: Topic :: Text Processing :: Markup :: XML
diff --git a/README.html b/README.html
index b35c231..41286ec 100644
--- a/README.html
+++ b/README.html
@@ -3,7 +3,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-<meta name="generator" content="Docutils 0.8.1: http://docutils.sourceforge.net/" />
+<meta name="generator" content="Docutils 0.12: http://docutils.sourceforge.net/" />
<title>defusedxml -- defusing XML bombs and other exploits</title>
<style type="text/css">
@@ -553,11 +553,12 @@ by default.</p>
<li><a class="reference internal" href="#acknowledgements" id="id45">Acknowledgements</a></li>
<li><a class="reference internal" href="#references" id="id46">References</a></li>
<li><a class="reference internal" href="#changelog" id="id47">Changelog</a><ul>
-<li><a class="reference internal" href="#defusedxml-0-4-1" id="id48">defusedxml 0.4.1</a></li>
-<li><a class="reference internal" href="#defusedxml-0-4" id="id49">defusedxml 0.4</a></li>
-<li><a class="reference internal" href="#defusedxml-0-3" id="id50">defusedxml 0.3</a></li>
-<li><a class="reference internal" href="#defusedxml-0-2" id="id51">defusedxml 0.2</a></li>
-<li><a class="reference internal" href="#defusedxml-0-1" id="id52">defusedxml 0.1</a></li>
+<li><a class="reference internal" href="#defusedxml-0-5-0-rc1" id="id48">defusedxml 0.5.0.rc1</a></li>
+<li><a class="reference internal" href="#defusedxml-0-4-1" id="id49">defusedxml 0.4.1</a></li>
+<li><a class="reference internal" href="#defusedxml-0-4" id="id50">defusedxml 0.4</a></li>
+<li><a class="reference internal" href="#defusedxml-0-3" id="id51">defusedxml 0.3</a></li>
+<li><a class="reference internal" href="#defusedxml-0-2" id="id52">defusedxml 0.2</a></li>
+<li><a class="reference internal" href="#defusedxml-0-1" id="id53">defusedxml 0.1</a></li>
</ul>
</li>
</ul>
@@ -1254,7 +1255,7 @@ builderFactory.setFeature("http://apache.org/xml/features/nonvalidating/loa
</div>
<div class="section" id="license">
<h1><a class="toc-backref" href="#id44">License</a></h1>
-<p>Copyright (c) 2013 by Christian Heimes <<a class="reference external" href="mailto:christian@python.org">christian@python.org</a>></p>
+<p>Copyright (c) 2013-2017 by Christian Heimes <<a class="reference external" href="mailto:christian@python.org">christian@python.org</a>></p>
<p>Licensed to PSF under a Contributor Agreement.</p>
<p>See <a class="reference external" href="http://www.python.org/psf/license">http://www.python.org/psf/license</a> for licensing details.</p>
</div>
@@ -1293,8 +1294,17 @@ during working hours as part of semantics's open source initiative.</dd>
</div>
<div class="section" id="changelog">
<h1><a class="toc-backref" href="#id47">Changelog</a></h1>
+<div class="section" id="defusedxml-0-5-0-rc1">
+<h2><a class="toc-backref" href="#id48">defusedxml 0.5.0.rc1</a></h2>
+<p><em>Release date: 28-Jan-2017</em></p>
+<ul class="simple">
+<li>Add compatibility with Python 3.6</li>
+<li>Drop support for Python 2.6, 3.1, 3.2, 3.3</li>
+<li>Fix lxml tests (XMLSyntaxError: Detected an entity reference loop)</li>
+</ul>
+</div>
<div class="section" id="defusedxml-0-4-1">
-<h2><a class="toc-backref" href="#id48">defusedxml 0.4.1</a></h2>
+<h2><a class="toc-backref" href="#id49">defusedxml 0.4.1</a></h2>
<p><em>Release date: 28-Mar-2013</em></p>
<ul class="simple">
<li>Add more demo exploits, e.g. python_external.py and Xalan XSLT demos.</li>
@@ -1302,7 +1312,7 @@ during working hours as part of semantics's open source initiative.</dd>
</ul>
</div>
<div class="section" id="defusedxml-0-4">
-<h2><a class="toc-backref" href="#id49">defusedxml 0.4</a></h2>
+<h2><a class="toc-backref" href="#id50">defusedxml 0.4</a></h2>
<p><em>Release date: 25-Feb-2013</em></p>
<ul class="simple">
<li>As per <a class="reference external" href="http://seclists.org/oss-sec/2013/q1/340">http://seclists.org/oss-sec/2013/q1/340</a> please REJECT
@@ -1315,14 +1325,14 @@ and WebDAV.</li>
</ul>
</div>
<div class="section" id="defusedxml-0-3">
-<h2><a class="toc-backref" href="#id50">defusedxml 0.3</a></h2>
+<h2><a class="toc-backref" href="#id51">defusedxml 0.3</a></h2>
<p><em>Release date: 19-Feb-2013</em></p>
<ul class="simple">
<li>Improve documentation</li>
</ul>
</div>
<div class="section" id="defusedxml-0-2">
-<h2><a class="toc-backref" href="#id51">defusedxml 0.2</a></h2>
+<h2><a class="toc-backref" href="#id52">defusedxml 0.2</a></h2>
<p><em>Release date: 15-Feb-2013</em></p>
<ul class="simple">
<li>Rename ExternalEntitiesForbidden to ExternalReferenceForbidden</li>
@@ -1337,7 +1347,7 @@ and WebDAV.</li>
</ul>
</div>
<div class="section" id="defusedxml-0-1">
-<h2><a class="toc-backref" href="#id52">defusedxml 0.1</a></h2>
+<h2><a class="toc-backref" href="#id53">defusedxml 0.1</a></h2>
<p><em>Release date: 08-Feb-2013</em></p>
<ul class="simple">
<li>Initial and internal release for PSRT review</li>
diff --git a/README.txt b/README.txt
index 1f7dbe4..137b136 100644
--- a/README.txt
+++ b/README.txt
@@ -712,7 +712,7 @@ TODO
License
=======
-Copyright (c) 2013 by Christian Heimes <christian at python.org>
+Copyright (c) 2013-2017 by Christian Heimes <christian at python.org>
Licensed to PSF under a Contributor Agreement.
diff --git a/PKG-INFO b/defusedxml.egg-info/PKG-INFO
similarity index 97%
copy from PKG-INFO
copy to defusedxml.egg-info/PKG-INFO
index 8659cab..a84d5a7 100644
--- a/PKG-INFO
+++ b/defusedxml.egg-info/PKG-INFO
@@ -1,12 +1,12 @@
Metadata-Version: 1.1
Name: defusedxml
-Version: 0.4.1
+Version: 0.5.0
Summary: XML bomb protection for Python stdlib modules
-Home-page: https://bitbucket.org/tiran/defusedxml
+Home-page: https://github.com/tiran/defusedxml
Author: Christian Heimes
Author-email: christian at python.org
License: PSFL
-Download-URL: http://pypi.python.org/pypi/defusedxml
+Download-URL: https://pypi.python.org/pypi/defusedxml
Description: ===================================================
defusedxml -- defusing XML bombs and other exploits
===================================================
@@ -721,7 +721,7 @@ Description: ===================================================
License
=======
- Copyright (c) 2013 by Christian Heimes <christian at python.org>
+ Copyright (c) 2013-2017 by Christian Heimes <christian at python.org>
Licensed to PSF under a Contributor Agreement.
@@ -787,6 +787,23 @@ Description: ===================================================
Changelog
=========
+ defusedxml 0.5.0
+ ----------------
+
+ *Release date: 07-Feb-2017*
+
+ - No changes
+
+ defusedxml 0.5.0.rc1
+ --------------------
+
+ *Release date: 28-Jan-2017*
+
+ - Add compatibility with Python 3.6
+ - Drop support for Python 2.6, 3.1, 3.2, 3.3
+ - Fix lxml tests (XMLSyntaxError: Detected an entity reference loop)
+
+
defusedxml 0.4.1
----------------
@@ -848,10 +865,9 @@ Classifier: License :: OSI Approved :: Python Software Foundation License
Classifier: Natural Language :: English
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 2
-Classifier: Programming Language :: Python :: 2.6
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.1
-Classifier: Programming Language :: Python :: 3.2
-Classifier: Programming Language :: Python :: 3.3
+Classifier: Programming Language :: Python :: 3.4
+Classifier: Programming Language :: Python :: 3.5
+Classifier: Programming Language :: Python :: 3.6
Classifier: Topic :: Text Processing :: Markup :: XML
diff --git a/defusedxml.egg-info/SOURCES.txt b/defusedxml.egg-info/SOURCES.txt
new file mode 100644
index 0000000..b80c2b7
--- /dev/null
+++ b/defusedxml.egg-info/SOURCES.txt
@@ -0,0 +1,44 @@
+CHANGES.txt
+LICENSE
+MANIFEST.in
+Makefile
+README.html
+README.txt
+setup.cfg
+setup.py
+tests.py
+void.css
+defusedxml/ElementTree.py
+defusedxml/__init__.py
+defusedxml/cElementTree.py
+defusedxml/common.py
+defusedxml/expatbuilder.py
+defusedxml/expatreader.py
+defusedxml/lxml.py
+defusedxml/minidom.py
+defusedxml/pulldom.py
+defusedxml/sax.py
+defusedxml/xmlrpc.py
+defusedxml.egg-info/PKG-INFO
+defusedxml.egg-info/SOURCES.txt
+defusedxml.egg-info/dependency_links.txt
+defusedxml.egg-info/top_level.txt
+other/README.txt
+other/exploit_webdav.py
+other/exploit_xmlrpc.py
+other/perl.pl
+other/php.php
+other/python_external.py
+other/python_genshi.py
+other/ruby-hpricot.rb
+other/ruby-libxml.rb
+other/ruby-rexml.rb
+xmltestdata/cyclic.xml
+xmltestdata/dtd.xml
+xmltestdata/external.xml
+xmltestdata/external_file.xml
+xmltestdata/quadratic.xml
+xmltestdata/simple-ns.xml
+xmltestdata/simple.xml
+xmltestdata/xmlbomb.xml
+xmltestdata/xmlbomb2.xml
\ No newline at end of file
diff --git a/defusedxml.egg-info/dependency_links.txt b/defusedxml.egg-info/dependency_links.txt
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/defusedxml.egg-info/dependency_links.txt
@@ -0,0 +1 @@
+
diff --git a/defusedxml.egg-info/top_level.txt b/defusedxml.egg-info/top_level.txt
new file mode 100644
index 0000000..36969f2
--- /dev/null
+++ b/defusedxml.egg-info/top_level.txt
@@ -0,0 +1 @@
+defusedxml
diff --git a/defusedxml/ElementTree.py b/defusedxml/ElementTree.py
index a2f1f58..41b2ea8 100644
--- a/defusedxml/ElementTree.py
+++ b/defusedxml/ElementTree.py
@@ -8,26 +8,27 @@
from __future__ import print_function, absolute_import
import sys
-from .common import PY3, PY26, PY31
+from xml.etree.ElementTree import TreeBuilder as _TreeBuilder
+from xml.etree.ElementTree import parse as _parse
+from xml.etree.ElementTree import tostring
+
+from .common import PY3
+
+
if PY3:
import importlib
else:
from xml.etree.ElementTree import XMLParser as _XMLParser
from xml.etree.ElementTree import iterparse as _iterparse
- if PY26:
- from xml.parsers.expat import ExpatError as ParseError
- else:
- from xml.etree.ElementTree import ParseError
- _IterParseIterator = None
-from xml.etree.ElementTree import TreeBuilder as _TreeBuilder
-from xml.etree.ElementTree import parse as _parse
-from xml.etree.ElementTree import tostring
+ from xml.etree.ElementTree import ParseError
+
from .common import (DTDForbidden, EntitiesForbidden,
ExternalReferenceForbidden, _generate_etree_functions)
__origin__ = "xml.etree.ElementTree"
+
def _get_py3_cls():
"""Python 3.3 hides the pure Python code but defusedxml requires it.
@@ -49,32 +50,26 @@ def _get_py3_cls():
_XMLParser = pure_pymod.XMLParser
_iterparse = pure_pymod.iterparse
- if PY31:
- _IterParseIterator = None
- from xml.parsers.expat import ExpatError as ParseError
- else:
- _IterParseIterator = pure_pymod._IterParseIterator
- ParseError = pure_pymod.ParseError
+ ParseError = pure_pymod.ParseError
+
+ return _XMLParser, _iterparse, ParseError
- return _XMLParser, _iterparse, _IterParseIterator, ParseError
if PY3:
- _XMLParser, _iterparse, _IterParseIterator, ParseError = _get_py3_cls()
+ _XMLParser, _iterparse, ParseError = _get_py3_cls()
class DefusedXMLParser(_XMLParser):
+
def __init__(self, html=0, target=None, encoding=None,
forbid_dtd=False, forbid_entities=True,
forbid_external=True):
- if PY26 or PY31:
- _XMLParser.__init__(self, html, target)
- else:
- # Python 2.x old style class
- _XMLParser.__init__(self, html, target, encoding)
+ # Python 2.x old style class
+ _XMLParser.__init__(self, html, target, encoding)
self.forbid_dtd = forbid_dtd
self.forbid_entities = forbid_entities
self.forbid_external = forbid_external
- if PY3 and not PY31:
+ if PY3:
parser = self.parser
else:
parser = self._parser
@@ -108,5 +103,10 @@ class DefusedXMLParser(_XMLParser):
XMLTreeBuilder = XMLParse = DefusedXMLParser
parse, iterparse, fromstring = _generate_etree_functions(DefusedXMLParser,
- _TreeBuilder, _IterParseIterator, _parse, _iterparse)
+ _TreeBuilder, _parse,
+ _iterparse)
XML = fromstring
+
+
+__all__ = ['XML', 'XMLParse', 'XMLTreeBuilder', 'fromstring', 'iterparse',
+ 'parse', 'tostring']
diff --git a/defusedxml/__init__.py b/defusedxml/__init__.py
index 98a7f14..590a5a9 100644
--- a/defusedxml/__init__.py
+++ b/defusedxml/__init__.py
@@ -11,6 +11,7 @@ from .common import (DefusedXmlException, DTDForbidden, EntitiesForbidden,
ExternalReferenceForbidden, NotSupportedError,
_apply_defusing)
+
def defuse_stdlib():
"""Monkey patch and defuse all stdlib packages
@@ -38,5 +39,7 @@ def defuse_stdlib():
return defused
-__version__ = "0.4.1"
+__version__ = "0.5.0"
+__all__ = ['DefusedXmlException', 'DTDForbidden', 'EntitiesForbidden',
+ 'ExternalReferenceForbidden', 'NotSupportedError']
diff --git a/defusedxml/cElementTree.py b/defusedxml/cElementTree.py
index 0e37c8f..cc13689 100644
--- a/defusedxml/cElementTree.py
+++ b/defusedxml/cElementTree.py
@@ -13,13 +13,18 @@ from xml.etree.cElementTree import tostring
# iterparse from ElementTree!
from xml.etree.ElementTree import iterparse as _iterparse
-from .ElementTree import DefusedXMLParser, _IterParseIterator
+from .ElementTree import DefusedXMLParser
from .common import _generate_etree_functions
__origin__ = "xml.etree.cElementTree"
+
XMLTreeBuilder = XMLParse = DefusedXMLParser
parse, iterparse, fromstring = _generate_etree_functions(DefusedXMLParser,
- _TreeBuilder, _IterParseIterator, _parse, _iterparse)
+ _TreeBuilder, _parse,
+ _iterparse)
XML = fromstring
+
+__all__ = ['XML', 'XMLParse', 'XMLTreeBuilder', 'fromstring', 'iterparse',
+ 'parse', 'tostring']
diff --git a/defusedxml/common.py b/defusedxml/common.py
index 5e5f8a2..668b609 100644
--- a/defusedxml/common.py
+++ b/defusedxml/common.py
@@ -6,16 +6,14 @@
"""Common constants, exceptions and helpe functions
"""
import sys
-from types import MethodType
PY3 = sys.version_info[0] == 3
-PY26 = sys.version_info[:2] == (2, 6)
-PY31 = sys.version_info[:2] == (3, 1)
class DefusedXmlException(ValueError):
"""Base exception
"""
+
def __repr__(self):
return str(self)
@@ -23,6 +21,7 @@ class DefusedXmlException(ValueError):
class DTDForbidden(DefusedXmlException):
"""Document type definition is forbidden
"""
+
def __init__(self, name, sysid, pubid):
super(DTDForbidden, self).__init__()
self.name = name
@@ -37,6 +36,7 @@ class DTDForbidden(DefusedXmlException):
class EntitiesForbidden(DefusedXmlException):
"""Entity definition is forbidden
"""
+
def __init__(self, name, value, base, sysid, pubid, notation_name):
super(EntitiesForbidden, self).__init__()
self.name = name
@@ -54,6 +54,7 @@ class EntitiesForbidden(DefusedXmlException):
class ExternalReferenceForbidden(DefusedXmlException):
"""Resolving an external reference is forbidden
"""
+
def __init__(self, context, base, sysid, pubid):
super(ExternalReferenceForbidden, self).__init__()
self.context = context
@@ -85,7 +86,7 @@ def _apply_defusing(defused_mod):
def _generate_etree_functions(DefusedXMLParser, _TreeBuilder,
- _IterParseIterator, _parse, _iterparse):
+ _parse, _iterparse):
"""Factory for functions needed by etree, dependent on whether
cElementTree or ElementTree is used."""
@@ -98,57 +99,14 @@ def _generate_etree_functions(DefusedXMLParser, _TreeBuilder,
forbid_external=forbid_external)
return _parse(source, parser)
- if PY26 or PY31:
- def bind(xmlparser, funcname, hookname):
- func = getattr(DefusedXMLParser, funcname)
- if PY26:
- # unbound -> function
- func = func.__func__
- method = MethodType(func, xmlparser, xmlparser.__class__)
- else:
- method = MethodType(func, xmlparser)
- # set hook
- setattr(xmlparser._parser, hookname, method)
-
- def iterparse(source, events=None, forbid_dtd=False,
- forbid_entities=True, forbid_external=True):
- it = _iterparse(source, events)
- xmlparser = it._parser
- if forbid_dtd:
- bind(xmlparser, "defused_start_doctype_decl",
- "StartDoctypeDeclHandler")
- if forbid_entities:
- bind(xmlparser, "defused_entity_decl",
- "EntityDeclHandler")
- bind(xmlparser, "defused_unparsed_entity_decl",
- "UnparsedEntityDeclHandler")
- if forbid_external:
- bind(xmlparser, "defused_external_entity_ref_handler",
- "ExternalEntityRefHandler")
- return it
- elif PY3:
- def iterparse(source, events=None, parser=None, forbid_dtd=False,
- forbid_entities=True, forbid_external=True):
- close_source = False
- if not hasattr(source, "read"):
- source = open(source, "rb")
- close_source = True
- if not parser:
- parser = DefusedXMLParser(target=_TreeBuilder(),
- forbid_dtd=forbid_dtd,
- forbid_entities=forbid_entities,
- forbid_external=forbid_external)
- return _IterParseIterator(source, events, parser, close_source)
- else:
- # Python 2.7
- def iterparse(source, events=None, parser=None, forbid_dtd=False,
- forbid_entities=True, forbid_external=True):
- if parser is None:
- parser = DefusedXMLParser(target=_TreeBuilder(),
- forbid_dtd=forbid_dtd,
- forbid_entities=forbid_entities,
- forbid_external=forbid_external)
- return _iterparse(source, events, parser)
+ def iterparse(source, events=None, parser=None, forbid_dtd=False,
+ forbid_entities=True, forbid_external=True):
+ if parser is None:
+ parser = DefusedXMLParser(target=_TreeBuilder(),
+ forbid_dtd=forbid_dtd,
+ forbid_entities=forbid_entities,
+ forbid_external=forbid_external)
+ return _iterparse(source, events, parser)
def fromstring(text, forbid_dtd=False, forbid_entities=True,
forbid_external=True):
@@ -159,5 +117,4 @@ def _generate_etree_functions(DefusedXMLParser, _TreeBuilder,
parser.feed(text)
return parser.close()
-
return parse, iterparse, fromstring
diff --git a/defusedxml/expatbuilder.py b/defusedxml/expatbuilder.py
index d81fd2f..0eb6b91 100644
--- a/defusedxml/expatbuilder.py
+++ b/defusedxml/expatbuilder.py
@@ -49,7 +49,7 @@ class DefusedExpatBuilder(_ExpatBuilder):
if self.forbid_dtd:
parser.StartDoctypeDeclHandler = self.defused_start_doctype_decl
if self.forbid_entities:
- #if self._options.entities:
+ # if self._options.entities:
parser.EntityDeclHandler = self.defused_entity_decl
parser.UnparsedEntityDeclHandler = self.defused_unparsed_entity_decl
if self.forbid_external:
diff --git a/defusedxml/lxml.py b/defusedxml/lxml.py
index 94b497c..7f3ee0b 100644
--- a/defusedxml/lxml.py
+++ b/defusedxml/lxml.py
@@ -40,7 +40,8 @@ class RestrictedElement(_etree.ElementBase):
return self._filter(iterator)
def iterchildren(self, tag=None, reversed=False):
- iterator = super(RestrictedElement, self).iterchildren(tag=tag, reversed=reversed)
+ iterator = super(RestrictedElement, self).iterchildren(
+ tag=tag, reversed=reversed)
return self._filter(iterator)
def iter(self, tag=None, *tags):
@@ -48,11 +49,13 @@ class RestrictedElement(_etree.ElementBase):
return self._filter(iterator)
def iterdescendants(self, tag=None, *tags):
- iterator = super(RestrictedElement, self).iterdescendants(tag=tag, *tags)
+ iterator = super(RestrictedElement,
+ self).iterdescendants(tag=tag, *tags)
return self._filter(iterator)
def itersiblings(self, tag=None, preceding=False):
- iterator = super(RestrictedElement, self).itersiblings(tag=tag, preceding=preceding)
+ iterator = super(RestrictedElement, self).itersiblings(
+ tag=tag, preceding=preceding)
return self._filter(iterator)
def getchildren(self):
@@ -69,8 +72,8 @@ class GlobalParserTLS(threading.local):
"""
parser_config = {
'resolve_entities': False,
- #'remove_comments': True,
- #'remove_pis': True,
+ # 'remove_comments': True,
+ # 'remove_pis': True,
}
element_class = RestrictedElement
@@ -142,6 +145,7 @@ def fromstring(text, parser=None, base_url=None, forbid_dtd=False,
check_docinfo(elementtree, forbid_dtd, forbid_entities)
return rootelement
+
XML = fromstring
diff --git a/defusedxml/minidom.py b/defusedxml/minidom.py
index 1ce6946..0fd8684 100644
--- a/defusedxml/minidom.py
+++ b/defusedxml/minidom.py
@@ -13,6 +13,7 @@ from . import pulldom as _pulldom
__origin__ = "xml.dom.minidom"
+
def parse(file, parser=None, bufsize=None, forbid_dtd=False,
forbid_entities=True, forbid_external=True):
"""Parse a file into a DOM by filename or file object."""
@@ -22,17 +23,18 @@ def parse(file, parser=None, bufsize=None, forbid_dtd=False,
forbid_external=forbid_external)
else:
return _do_pulldom_parse(_pulldom.parse, (file,),
- {'parser': parser, 'bufsize': bufsize,
- 'forbid_dtd': forbid_dtd, 'forbid_entities': forbid_entities,
- 'forbid_external': forbid_external})
+ {'parser': parser, 'bufsize': bufsize,
+ 'forbid_dtd': forbid_dtd, 'forbid_entities': forbid_entities,
+ 'forbid_external': forbid_external})
+
def parseString(string, parser=None, forbid_dtd=False,
forbid_entities=True, forbid_external=True):
"""Parse a file into a DOM from a string."""
if parser is None:
return _expatbuilder.parseString(string, forbid_dtd=forbid_dtd,
- forbid_entities=forbid_entities,
- forbid_external=forbid_external)
+ forbid_entities=forbid_entities,
+ forbid_external=forbid_external)
else:
return _do_pulldom_parse(_pulldom.parseString, (string,),
{'parser': parser, 'forbid_dtd': forbid_dtd,
diff --git a/defusedxml/sax.py b/defusedxml/sax.py
index 4305df0..534d0ca 100644
--- a/defusedxml/sax.py
+++ b/defusedxml/sax.py
@@ -14,6 +14,7 @@ from . import expatreader
__origin__ = "xml.sax"
+
def parse(source, handler, errorHandler=_ErrorHandler(), forbid_dtd=False,
forbid_entities=True, forbid_external=True):
parser = make_parser()
@@ -43,5 +44,6 @@ def parseString(string, handler, errorHandler=_ErrorHandler(),
inpsrc.setByteStream(BytesIO(string))
parser.parse(inpsrc)
+
def make_parser(parser_list=[]):
return expatreader.create_parser()
diff --git a/defusedxml/xmlrpc.py b/defusedxml/xmlrpc.py
index 0829916..2a456e6 100644
--- a/defusedxml/xmlrpc.py
+++ b/defusedxml/xmlrpc.py
@@ -11,25 +11,23 @@ from __future__ import print_function, absolute_import
import io
-from .common import (DTDForbidden, EntitiesForbidden,
- ExternalReferenceForbidden, PY3, PY31, PY26)
+from .common import (
+ DTDForbidden, EntitiesForbidden, ExternalReferenceForbidden, PY3)
if PY3:
__origin__ = "xmlrpc.client"
from xmlrpc.client import ExpatParser
from xmlrpc import client as xmlrpc_client
from xmlrpc import server as xmlrpc_server
- if not PY31:
- from xmlrpc.client import gzip_decode as _orig_gzip_decode
- from xmlrpc.client import GzipDecodedResponse as _OrigGzipDecodedResponse
+ from xmlrpc.client import gzip_decode as _orig_gzip_decode
+ from xmlrpc.client import GzipDecodedResponse as _OrigGzipDecodedResponse
else:
__origin__ = "xmlrpclib"
from xmlrpclib import ExpatParser
import xmlrpclib as xmlrpc_client
xmlrpc_server = None
- if not PY26:
- from xmlrpclib import gzip_decode as _orig_gzip_decode
- from xmlrpclib import GzipDecodedResponse as _OrigGzipDecodedResponse
+ from xmlrpclib import gzip_decode as _orig_gzip_decode
+ from xmlrpclib import GzipDecodedResponse as _OrigGzipDecodedResponse
try:
import gzip
@@ -41,7 +39,8 @@ except ImportError:
# Also used to limit maximum amount of gzip decoded data in order to prevent
# decompression bombs
# A value of -1 or smaller disables the limit
-MAX_DATA = 30 * 1024 * 1024 # 30 MB
+MAX_DATA = 30 * 1024 * 1024 # 30 MB
+
def defused_gzip_decode(data, limit=None):
"""gzip encoded data -> unencoded data
@@ -55,7 +54,7 @@ def defused_gzip_decode(data, limit=None):
f = io.BytesIO(data)
gzf = gzip.GzipFile(mode="rb", fileobj=f)
try:
- if limit < 0: # no limit
+ if limit < 0: # no limit
decoded = gzf.read()
else:
decoded = gzf.read(limit + 1)
@@ -72,13 +71,14 @@ class DefusedGzipDecodedResponse(gzip.GzipFile if gzip else object):
"""a file-like object to decode a response encoded with the gzip
method, as described in RFC 1952.
"""
+
def __init__(self, response, limit=None):
- #response doesn't support tell() and read(), required by
- #GzipFile
+ # response doesn't support tell() and read(), required by
+ # GzipFile
if not gzip:
raise NotImplementedError
self.limit = limit = limit if limit is not None else MAX_DATA
- if limit < 0: # no limit
+ if limit < 0: # no limit
data = response.read()
self.readlength = None
else:
@@ -107,6 +107,7 @@ class DefusedGzipDecodedResponse(gzip.GzipFile if gzip else object):
class DefusedExpatParser(ExpatParser):
+
def __init__(self, target, forbid_dtd=False, forbid_entities=True,
forbid_external=True):
ExpatParser.__init__(self, target)
@@ -142,18 +143,14 @@ class DefusedExpatParser(ExpatParser):
def monkey_patch():
xmlrpc_client.FastParser = DefusedExpatParser
- if PY26 or PY31:
- # Python 2.6 and 3.1 have no gzip support in xmlrpc
- return
xmlrpc_client.GzipDecodedResponse = DefusedGzipDecodedResponse
xmlrpc_client.gzip_decode = defused_gzip_decode
if xmlrpc_server:
xmlrpc_server.gzip_decode = defused_gzip_decode
+
def unmonkey_patch():
xmlrpc_client.FastParser = None
- if PY26 or PY31:
- return
xmlrpc_client.GzipDecodedResponse = _OrigGzipDecodedResponse
xmlrpc_client.gzip_decode = _orig_gzip_decode
if xmlrpc_server:
diff --git a/setup.cfg b/setup.cfg
new file mode 100644
index 0000000..8b48b64
--- /dev/null
+++ b/setup.cfg
@@ -0,0 +1,12 @@
+[bdist_wheel]
+universal = 1
+
+[aliases]
+packages = clean --all egg_info bdist_wheel sdist --format=gztar
+release = packages register upload
+
+[egg_info]
+tag_build =
+tag_date = 0
+tag_svn_revision = 0
+
diff --git a/setup.py b/setup.py
index 9fc47c1..6926330 100644
--- a/setup.py
+++ b/setup.py
@@ -1,17 +1,23 @@
#!/usr/bin/env python
from __future__ import absolute_import
import sys
-from distutils.core import setup, Command
+from distutils.core import Command
import subprocess
+from setuptools import setup
+
import defusedxml
+
class PyTest(Command):
user_options = []
+
def initialize_options(self):
pass
+
def finalize_options(self):
pass
+
def run(self):
errno = subprocess.call([sys.executable, "tests.py"])
raise SystemExit(errno)
@@ -23,6 +29,7 @@ with open("README.txt") as f:
with open("CHANGES.txt") as f:
long_description.append(f.read())
+
setup(
name="defusedxml",
version=defusedxml.__version__,
@@ -32,8 +39,8 @@ setup(
author_email="christian at python.org",
maintainer="Christian Heimes",
maintainer_email="christian at python.org",
- url="https://bitbucket.org/tiran/defusedxml",
- download_url="http://pypi.python.org/pypi/defusedxml",
+ url="https://github.com/tiran/defusedxml",
+ download_url="https://pypi.python.org/pypi/defusedxml",
keywords="xml bomb DoS",
platforms="all",
license="PSFL",
@@ -46,13 +53,11 @@ setup(
"Natural Language :: English",
"Programming Language :: Python",
"Programming Language :: Python :: 2",
- "Programming Language :: Python :: 2.6",
"Programming Language :: Python :: 2.7",
"Programming Language :: Python :: 3",
- "Programming Language :: Python :: 3.1",
- "Programming Language :: Python :: 3.2",
- "Programming Language :: Python :: 3.3",
+ "Programming Language :: Python :: 3.4",
+ "Programming Language :: Python :: 3.5",
+ "Programming Language :: Python :: 3.6",
"Topic :: Text Processing :: Markup :: XML",
],
)
-
diff --git a/tests.py b/tests.py
index 7c63ea2..145172c 100644
--- a/tests.py
+++ b/tests.py
@@ -3,7 +3,6 @@ import os
import sys
import unittest
import io
-import re
from xml.sax.saxutils import XMLGenerator
from xml.sax import SAXParseException
@@ -11,9 +10,9 @@ from pyexpat import ExpatError
from defusedxml import cElementTree, ElementTree, minidom, pulldom, sax, xmlrpc
from defusedxml import defuse_stdlib
-from defusedxml import (DefusedXmlException, DTDForbidden, EntitiesForbidden,
+from defusedxml import (DTDForbidden, EntitiesForbidden,
ExternalReferenceForbidden, NotSupportedError)
-from defusedxml.common import PY3, PY26, PY31
+from defusedxml.common import PY3
try:
@@ -39,39 +38,6 @@ os.environ["http_proxy"] = "http://127.0.9.1:9"
os.environ["https_proxy"] = os.environ["http_proxy"]
os.environ["ftp_proxy"] = os.environ["http_proxy"]
-if PY26 or PY31:
- class _AssertRaisesContext(object):
- def __init__(self, expected, test_case, expected_regexp=None):
- self.expected = expected
- self.failureException = test_case.failureException
- self.expected_regexp = expected_regexp
-
- def __enter__(self):
- return self
-
... 203 lines suppressed ...
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/defusedxml.git
More information about the Python-modules-commits
mailing list