def __init__(self, cell_rows, cell_columns):
"""
Class instance constructor
"""
# monkey patch to attempt to block [maliciously] malformed xml from causing bomb problems
defuse_stdlib()
# self.__SCH_DEFAULT = ''.join(['{', self.SCH_DEFAULT, '}'])
self.run_paused = True
self.openfile = None
self.board = None
self.board_bounding_box = None
self.gen_num = None
self.blocks_wrapper = None
self.gen_wrapper = None
self.active_block = None
self.nei_hoods = None
self.live_cells = None
self.speedcontrol = None
self.showgrid = None
self.sequence_value = None
self.rows = cell_rows
self.columns = cell_columns
self.sz_x = self.CELL_WIDTH
self.sz_y = self.CELL_HEIGHT
self.stop_steps = self.GENERATION_STEPS
self.build_gui()
def __init__(self, digital_annex_xls_list):
defusedxml.defuse_stdlib()
self.j1939db = OrderedDict()
self.digital_annex_xls_list = list(
map(
lambda da: self.secure_open_workbook(filename=da,
on_demand=True),
digital_annex_xls_list))
def defuse_xml_libs():
"""
Monkey patch and defuse all stdlib xml packages and lxml.
"""
from defusedxml import defuse_stdlib
defuse_stdlib()
import lxml
import lxml.etree
from . import etree as safe_etree
lxml.etree = safe_etree
def get_excel_sheet(file, request):
import defusedxml
from defusedxml.common import EntitiesForbidden
defusedxml.defuse_stdlib()
try:
return xlrd.open_workbook(file_contents=file.read(),
on_demand=True).sheet_by_index(0)
except EntitiesForbidden:
_report_error_to_rollbar(file, request)
raise ValidationError('This file may be damaged and '
'cannot be processed safely')
def parse_collection(playlist):
collection = r"C:\Users\Thomas.defise\Documents\Native Instruments\Traktor 2.11.3\collection.nml"
defusedxml.defuse_stdlib()
tree = defusedxml.ElementTree.parse(collection)
track_list = list()
for a in tree.iter(tag="NODE"):
if a.get("NAME") == playlist:
for z in a.iter(tag="PRIMARYKEY"):
windows_path_track = z.get("KEY").replace("/:", "\\")
track_list.append(windows_path_track)
return track_list
def get_xlsx_sheet(file, request):
import defusedxml
from defusedxml.common import EntitiesForbidden
defusedxml.defuse_stdlib()
try:
wb = load_workbook(filename=file)
ws = wb[wb.sheetnames[0]]
return ws
except EntitiesForbidden:
_report_error_to_rollbar(file, request)
raise ValidationError('This file may be damaged and '
'cannot be processed safely')
def __init__(self):
'''construct cellular automaton instance'''
# monkey patch to attempt to block [maliciously] malformed xml from
# causing bomb problems
defuse_stdlib()
# If not loaded from a file (xml)
input_context = {
'family': 'Moore',
'neighbourhood': 'base.gol',
'dimensions': 2, # 2d, square grid, Moore neighbourhood
}
self.rows = self.BOARD_ROWS
self.columns = self.BOARD_COLUMNS
self.board = [[self.DEAD_CELL for j in range(self.columns)]
for i in range(self.rows)]
self.board[2][1] = self.LIVING_CELL
self.board[2][3] = self.LIVING_CELL
self.generation_number = 0
self.live_cells_count = 2
self.blocks_wrapper = None
self.hashes_wrapper = None
self.gen_wrapper = None
self.bounding_box = None
# neighbourhood 'rule' applied to every living cell in bounding box,
# or'd together and or'd with the original living cells
# This is the region where a intersection with another (similarly
# constructed) neighbourhood *could* change the next generation of the
# current region/neighbourhood.
# quick check: intersecting bounding boxes ?
# if yes, intersecting neighbourhoods ?
# if yes, possible (full) collision
# compare next generation with and without the interferring
# neighbourhood to see if really affected
# self.neighbourhood #
self.active_block = None
self.neighbourhoods = None
self.hashes = {}
self.next_hash_key = 0
def __init__(self, xml_string):
defusedxml.defuse_stdlib()
self.dom_obj = minidom.parseString(xml_string)
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import io
import openpyxl
import xlrd
import re
import defusedxml
import math
import functools
from ... import Unit
defusedxml.defuse_stdlib()
class SheetReference:
def _parse_sheet(self, token):
try:
sheet, token = token.split('#')
except ValueError:
sheet = 0
else:
try:
sheet = int(sheet, 0) - 1
except (TypeError, ValueError):
if sheet[0] in (
'"', "'") and sheet[~0] == sheet[0] and len(sheet) > 2:
sheet = sheet[1:~1]
return sheet, token
def _parse_range(self, token):
def test_main():
suite = unittest.TestSuite()
suite.addTests(unittest.makeSuite(TestDefusedcElementTree))
suite.addTests(unittest.makeSuite(TestDefusedElementTree))
suite.addTests(unittest.makeSuite(TestDefusedMinidom))
suite.addTests(unittest.makeSuite(TestDefusedPulldom))
suite.addTests(unittest.makeSuite(TestDefusedSax))
suite.addTests(unittest.makeSuite(TestXmlRpc))
if lxml is not None:
suite.addTests(unittest.makeSuite(TestDefusedLxml))
if gzip is not None:
suite.addTests(unittest.makeSuite(TestDefusedGzip))
return suite
def test_origin():
suite = unittest.TestSuite()
suite.addTests(unittest.makeSuite(TestStdElementTree))
suite.addTests(unittest.makeSuite(TestStdMinidom))
return suite
if __name__ == "__main__":
suite = test_main()
result = unittest.TextTestRunner(verbosity=1).run(suite)
defuse_stdlib()
suite = test_origin()
result_std = unittest.TextTestRunner(verbosity=1).run(suite)
success = result.wasSuccessful() and result_std.wasSuccessful()
sys.exit(not success)
def __init__(self, file=None):
# monkey patch to attempt to block [maliciously] malformed xml from causing bomb problems
defuse_stdlib()
self.xml_lint_checker = XmlLintChecker()
import sys
patched_modules = (
'lxml', 'ElementTree', 'minidom', 'pulldom', 'rdflib',
'sax', 'expatbuilder', 'expatreader', 'xmlrpc')
if any(module in sys.modules for module in patched_modules):
existing_modules = [
(module, module in sys.modules) for module in patched_modules]
raise ImportError(
'this monkey patch was not applied early enough. {0}'.format(
existing_modules))
from defusedxml import defuse_stdlib # noqa
defuse_stdlib()
import lxml # noqa
import lxml.etree # noqa
from rdflib.plugins.parsers import rdfxml # noqa
from xml.sax.handler import feature_external_ges, feature_external_pes # noqa
from olympia.lib import safe_lxml_etree # noqa
lxml.etree = safe_lxml_etree
_rdfxml_create_parser = rdfxml.create_parser
import hashlib
import defusedxml.ElementTree as ET
from defusedxml import defuse_stdlib
from defusedxml.minidom import parseString
from mo.front.common.partial_infer.utils import unmask_shape, is_fully_defined
from mo.graph.graph import *
from mo.middle.passes.convert_data_type import np_data_type_to_precision
from mo.utils.unsupported_ops import UnsupportedOps
from mo.utils.utils import refer_to_faq_msg
from mo.utils.version import get_version
# defuse_stdlib provide patched version of xml.etree.ElementTree which allows to use objects from xml.etree.ElementTree
# in a safe manner without including unsafe xml.etree.ElementTree
ET_defused = defuse_stdlib()[ET]
Element = ET_defused.Element
SubElement = ET_defused.SubElement
tostring = ET_defused.tostring
def serialize_constants(graph: Graph,
bin_file_name: str,
data_type=np.float32):
"""
Found all data constants that has output edges with 'bin' attribute.
Serialize content for such constants to a binary file with name bin_file_name in
raw format. Save offset and length of serialized area in the file as 'offset' and 'size'
attributes of data node.
Args:
import discord
from discord.ext import commands
from cogs import Cog
from cogs.user_simulator import UserSimulator
import defusedxml
import time
defusedxml.defuse_stdlib() # Monkey-patch all XML libs.
# https://gist.github.com/BananaWagon/068cef8ff640e90d3636d133fa8f72a1
class Manager(Cog, command_attrs=dict(hidden=True)):
""" Manages the channel events the bot needs to handle. """
def __init__(self, bot):
super().__init__(bot)
# self.settings.register("test", "default value")
@commands.Cog.listener()
@commands.guild_only()
async def on_message(self, message: discord.Message):
if message.author.bot or not message.guild:
return
self.handler.store_user_message(message, commit_after=True)
@commands.Cog.listener()
@commands.guild_only()
async def on_raw_reaction_add(self,
payload: discord.RawReactionActionEvent):
if payload.user_id == self.bot.user.id or not payload.guild_id:
return
print('Emoji:', payload.emoji.name)
import logging
from urllib import urlencode
elementtree_modules = [
'defusedxml.lxml',
'lxml.etree',
'xml.etree.cElementTree',
'xml.etree.ElementTree',
'cElementTree',
'elementtree.ElementTree',
]
try:
import defusedxml
defusedxml.defuse_stdlib()
except ImportError:
logging.warning('defusedxml not found! It is recommended that you install defusedxml '
'to avoid vulnerabilities related to XML parsing. For more details see '
'https://pypi.python.org/pypi/defusedxml/')
def toUnicode(value):
"""Returns the given argument as a unicode object.
@param value: A UTF-8 encoded string or a unicode (coercable) object
@type message: str or unicode
@returns: Unicode object representing the input value.
"""
if isinstance(value, str):
return value.decode('utf-8')
def __init__(self, xml_string):
defusedxml.defuse_stdlib()
self.dom_obj = minidom.parseString(xml_string)
from collections import namedtuple, defaultdict
from pathlib import Path
import numpy as np
from mo.front.common.partial_infer.utils import dynamic_dimension_value, shape_array
from mo.graph.graph import Node, Graph
from mo.utils.ir_engine.compare_graphs import compare_graphs
log.basicConfig(format="[ %(levelname)s ] %(message)s",
level=log.DEBUG,
stream=sys.stdout)
# defuse_stdlib provide patched version of xml.etree.ElementTree which allows to use objects from xml.etree.ElementTree
# in a safe manner without including unsafe xml.etree.ElementTree
ElementTree = defuse_stdlib()[ET].ElementTree
class IREngine(object):
def __init__(self,
path_to_xml: str,
path_to_bin=None,
precision="FP32",
xml_tree=None):
if not xml_tree and not os.path.exists(path_to_xml):
raise AttributeError("File {} do not exists!".format(path_to_xml))
if path_to_bin and not os.path.exists(path_to_bin):
raise AttributeError("File {} do not exists!".format(path_to_bin))
self.path_to_xml = str(path_to_xml)
def init():
#security: monkeypatch against attack vectors, DDos etc
#(while unlikely, some xml hacks can get to our files)
#also see filtering regexes in config.json
xmlpatcher.defuse_stdlib()
def defuse():
defusedxml.defuse_stdlib()
