1. Christian Heimes
  2. defusedxml


defusedxml / defusedxml / __init__.py

# defusedxml
# Copyright (c) 2013 by Christian Heimes <christian@python.org>
# Licensed to PSF under a Contributor Agreement.
# See http://www.python.org/psf/license for licensing details.
"""Defuse XML bomb denial of service vulnerabilities
from __future__ import print_function, absolute_import

from .common import (DefusedXmlException, DTDForbidden, EntitiesForbidden,
                     ExternalReferenceForbidden, NotSupportedError,

def defuse_stdlib():
    """Monkey patch and defuse all stdlib packages

    :warning: The monkey patch is an EXPERIMETNAL feature.
    defused = {}

    from . import cElementTree
    from . import ElementTree
    from . import minidom
    from . import pulldom
    from . import sax
    from . import expatbuilder
    from . import expatreader
    from . import xmlrpc

    defused[xmlrpc] = None

    for defused_mod in [cElementTree, ElementTree, minidom, pulldom, sax,
                        expatbuilder, expatreader]:
        stdlib_mod = _apply_defusing(defused_mod)
        defused[defused_mod] = stdlib_mod

    return defused

__version__ = "0.4.1"