[Git][reproducible-builds/diffoscope][master] Don't raise an exception when we encounter XML files with <!ENTITY>...
Chris Lamb
gitlab at salsa.debian.org
Tue Aug 18 10:34:04 UTC 2020
Chris Lamb pushed to branch master at Reproducible Builds / diffoscope
Commits:
8cb0e85a by Chris Lamb at 2020-08-18T11:33:38+01:00
Don't raise an exception when we encounter XML files with <!ENTITY> declarations inside the DTD or when a DTD or entity references an external resource. (Closes: reproducible-builds/diffoscope#212)
- - - - -
1 changed file:
- diffoscope/comparators/xml.py
Changes:
=====================================
diffoscope/comparators/xml.py
=====================================
@@ -27,8 +27,10 @@ from diffoscope.tools import python_module_missing
from .missing_file import MissingFile
try:
+ defusedxml = True
from defusedxml import minidom
except ImportError:
+ defusedxml = False
python_module_missing("defusedxml")
from xml.dom import minidom
@@ -61,7 +63,12 @@ def _parse(file):
Returns:
str: formated string object
"""
- xml = minidom.parse(file)
+
+ if defusedxml:
+ xml = minidom.parse(file, forbid_entities=False, forbid_external=False)
+ else:
+ xml = minidom.parse(file)
+
_format(xml)
xml.normalize()
View it on GitLab: https://salsa.debian.org/reproducible-builds/diffoscope/-/commit/8cb0e85a67646b76b2f96969a0764a5574ce6b26
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/diffoscope/-/commit/8cb0e85a67646b76b2f96969a0764a5574ce6b26
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20200818/f86671ef/attachment.htm>
More information about the rb-commits
mailing list