Beispiel #1
0
    def test_safe_parse_xml(self):

        normal_body = ("""
                 <?xml version="1.0" ?><foo>
                    <bar>
                        <v1>hey</v1>
                        <v2>there</v2>
                    </bar>
                </foo>""").strip()

        def killer_body():
            return (("""<!DOCTYPE x [
                    <!ENTITY a "%(a)s">
                    <!ENTITY b "%(b)s">
                    <!ENTITY c "%(c)s">]>
                <foo>
                    <bar>
                        <v1>%(d)s</v1>
                    </bar>
                </foo>""") % {
                'a': 'A' * 10,
                'b': '&a;' * 10,
                'c': '&b;' * 10,
                'd': '&c;' * 9999,
            }).strip()

        dom = xmlutils.safe_minidom_parse_string(normal_body)
        self.assertEqual(normal_body, str(dom.toxml()))

        self.assertRaises(ValueError, xmlutils.safe_minidom_parse_string,
                          killer_body())
    def test_safe_parse_xml(self):

        normal_body = ("""
                 <?xml version="1.0" ?><foo>
                    <bar>
                        <v1>hey</v1>
                        <v2>there</v2>
                    </bar>
                </foo>""").strip()

        def killer_body():
            return (("""<!DOCTYPE x [
                    <!ENTITY a "%(a)s">
                    <!ENTITY b "%(b)s">
                    <!ENTITY c "%(c)s">]>
                <foo>
                    <bar>
                        <v1>%(d)s</v1>
                    </bar>
                </foo>""") % {
                'a': 'A' * 10,
                'b': '&a;' * 10,
                'c': '&b;' * 10,
                'd': '&c;' * 9999,
            }).strip()

        dom = xmlutils.safe_minidom_parse_string(normal_body)
        self.assertEqual(normal_body, str(dom.toxml()))

        self.assertRaises(ValueError,
                          xmlutils.safe_minidom_parse_string,
                          killer_body())
Beispiel #3
0
    def _from_xml(self, datastring):
        plurals = set(self.metadata.get('plurals', {}))

        try:
            node = xmlutils.safe_minidom_parse_string(datastring).childNodes[0]
            return {node.nodeName: self._from_xml_node(node, plurals)}
        except expat.ExpatError:
            msg = _("cannot understand XML")
            raise MalformedRequestBody(reason=msg)
Beispiel #4
0
    def _from_xml(self, datastring):
        plurals = set(self.metadata.get('plurals', {}))

        try:
            node = xmlutils.safe_minidom_parse_string(datastring).childNodes[0]
            return {node.nodeName: self._from_xml_node(node, plurals)}
        except expat.ExpatError:
            msg = _("cannot understand XML")
            raise exception.MalformedRequestBody(reason=msg)