Christian Heimes avatar Christian Heimes committed 5d283b5

entity -> entities
special exception for external entities

Comments (0)

Files changed (8)

defusedxml/ElementTree.py

 """Defused xml.etree.ElementTree facade
 """
 from __future__ import print_function, absolute_import, division
-from .common import DTDForbidden, EntityForbidden, PY3, PY26
 
 import sys
+from .common import PY3
 if PY3:
     import importlib
     _XMLParser, _iterparse, _IterParseIterator = None, None, None
 from xml.etree.ElementTree import parse as _parse
 
 
+from .common import (DTDForbidden, EntitiesForbidden,
+                     ExternalEntitiesForbidden, PY26)
+
+
 def _get_python_classes():
     """Python 3.3 hides the pure Python code but defusedxml requires it
 
         if self.forbid_entities:
             parser.EntityDeclHandler = self.entity_decl
             parser.UnparsedEntityDeclHandler = self.unparsed_entity_decl
+            parser.ExternalEntityRefHandler = self.external_entity_ref_handler
 
     def start_doctype_decl(self, name, sysid, pubid, has_internal_subset):
         raise DTDForbidden(name, sysid, pubid)
 
     def entity_decl(self, entityName, is_parameter_entity, value, base,
                     systemId, publicId, notationName):
-        raise EntityForbidden(entityName)
+        raise EntitiesForbidden(entityName)
 
     def unparsed_entity_decl(self, name, base, sysid, pubid, notation_name):
         # expat 1.2
-        raise EntityForbidden(name)
+        raise EntitiesForbidden(name)
+
+    def external_entity_ref_handler(self, context, base, systemId, publicId):
+        raise ExternalEntitiesForbidden(systemId, publicId)
 
 
 # aliases

defusedxml/__init__.py

 # Licensed to PSF under a Contributor Agreement.
 # See http://www.python.org/psf/license for licensing details.
 
-from .common import (DefusedXmlException, DTDForbidden, EntityForbidden,
-                     NotSupportedError)
+from .common import (DefusedXmlException, DTDForbidden, EntitiesForbidden,
+                     ExternalEntitiesForbidden, NotSupportedError)
 
 from . import cElementTree
 from . import ElementTree

defusedxml/common.py

     pass
 
 
-class EntityForbidden(DefusedXmlException):
+class EntitiesForbidden(DefusedXmlException):
+    pass
+
+
+class ExternalEntitiesForbidden(DefusedXmlException):
     pass
 
 

defusedxml/expatbuilder.py

 from xml.dom.expatbuilder import ExpatBuilder as _ExpatBuilder
 from xml.dom.expatbuilder import Namespaces as _Namespaces
 
-from .common import DTDForbidden, EntityForbidden, PY3
+from .common import (DTDForbidden, EntitiesForbidden,
+                     ExternalEntitiesForbidden, PY3)
 
 __origin__ = "xml.dom.expatbuilder"
 
 
     def entity_decl(self, entityName, is_parameter_entity, value, base,
                     systemId, publicId, notationName):
-        raise EntityForbidden(entityName)
+        raise EntitiesForbidden(entityName)
 
     def unparsed_entity_decl(self, name, base, sysid, pubid, notation_name):
         # expat 1.2
-        raise EntityForbidden(name)
+        raise EntitiesForbidden(name)
 
     def external_entity_ref_handler(self, context, base, systemId, publicId):
-        raise EntityForbidden(systemId, publicId)
+        raise ExternalEntitiesForbidden(systemId, publicId)
 
     def install(self, parser):
         if PY3:

defusedxml/expatreader.py

 
 from xml.sax.expatreader import ExpatParser as _ExpatParser
 
-from .common import DTDForbidden, EntityForbidden, PY3
+from .common import (DTDForbidden, EntitiesForbidden,
+                     ExternalEntitiesForbidden, PY3)
 
 __origin__ = "xml.sax.expatreader"
 
 
     def entity_decl(self, entityName, is_parameter_entity, value, base,
                     systemId, publicId, notationName):
-        raise EntityForbidden(entityName)
+        raise EntitiesForbidden(entityName)
 
     def unparsed_entity_decl(self, name, base, sysid, pubid, notation_name):
         # expat 1.2
-        raise EntityForbidden(name)
+        raise EntitiesForbidden(name)
 
     def external_entity_ref_handler(self, context, base, systemId, publicId):
-        print(context, base, systemId, publicId)
-        raise EntityForbidden(systemId, publicId)
+        raise ExternalEntitiesForbidden(systemId, publicId)
 
     def reset(self):
         if PY3:

defusedxml/lxml.py

 import threading
 from lxml import etree as _etree
 
-from .common import DTDForbidden, EntityForbidden, NotSupportedError
+from .common import DTDForbidden, EntitiesForbidden, NotSupportedError
 
 LXML3 = _etree.LXML_VERSION[0] >= 3
 
             if dtd is None:
                 continue
             for entity in dtd.iterentities():
-                raise EntityForbidden(entity.name)
+                raise EntitiesForbidden(entity.name)
 
 
 def parse(source, parser=None, base_url=None, forbid_dtd=False, forbid_entities=True):
 #!/usr/bin/env python
+from __future__ import print_function, absolute_import, division
 import sys
-import os
 from distutils.core import setup, Command
 import subprocess
 
 from xml.sax.saxutils import XMLGenerator
 
 from defusedxml import cElementTree, ElementTree, minidom, pulldom, sax
-from defusedxml import DTDForbidden, EntityForbidden, NotSupportedError
+from defusedxml import (DefusedXmlException, DTDForbidden, EntitiesForbidden,
+                        ExternalEntitiesForbidden, NotSupportedError)
 from defusedxml.common import PY3, PY26
 
 
             self.iterparse(self.xml_simple_ns)
 
     def test_entities_forbidden(self):
-        self.assertRaises(EntityForbidden, self.parse, self.xml_bomb)
-        self.assertRaises(EntityForbidden, self.parse, self.xml_quadratic)
-        self.assertRaises(EntityForbidden, self.parse, self.xml_external)
+        self.assertRaises(EntitiesForbidden, self.parse, self.xml_bomb)
+        self.assertRaises(EntitiesForbidden, self.parse, self.xml_quadratic)
+        self.assertRaises(EntitiesForbidden, self.parse, self.xml_external)
 
         #self.parse(self.xml_dtd)
-        self.assertRaises(EntityForbidden, self.parseString,
+        self.assertRaises(EntitiesForbidden, self.parseString,
                           self.get_content(self.xml_bomb))
-        self.assertRaises(EntityForbidden, self.parseString,
+        self.assertRaises(EntitiesForbidden, self.parseString,
                           self.get_content(self.xml_quadratic))
-        self.assertRaises(EntityForbidden, self.parseString,
+        self.assertRaises(EntitiesForbidden, self.parseString,
                           self.get_content(self.xml_external))
 
     def test_dtd_forbidden(self):
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.