def test_safe_parse_xml(self): normal_body = (""" <?xml version="1.0" ?><foo> <bar> <v1>hey</v1> <v2>there</v2> </bar> </foo>""").strip() def killer_body(): return (("""<!DOCTYPE x [ <!ENTITY a "%(a)s"> <!ENTITY b "%(b)s"> <!ENTITY c "%(c)s">]> <foo> <bar> <v1>%(d)s</v1> </bar> </foo>""") % { 'a': 'A' * 10, 'b': '&a;' * 10, 'c': '&b;' * 10, 'd': '&c;' * 9999, }).strip() dom = xmlutils.safe_minidom_parse_string(normal_body) self.assertEqual(normal_body, str(dom.toxml())) self.assertRaises(ValueError, xmlutils.safe_minidom_parse_string, killer_body())
def test_safe_parse_xml(self): normal_body = (""" <?xml version="1.0" ?><foo> <bar> <v1>hey</v1> <v2>there</v2> </bar> </foo>""").strip() def killer_body(): return (("""<!DOCTYPE x [ <!ENTITY a "%(a)s"> <!ENTITY b "%(b)s"> <!ENTITY c "%(c)s">]> <foo> <bar> <v1>%(d)s</v1> </bar> </foo>""") % { 'a': 'A' * 10, 'b': '&a;' * 10, 'c': '&b;' * 10, 'd': '&c;' * 9999, }).strip() dom = xmlutils.safe_minidom_parse_string(normal_body) self.assertEqual(normal_body, str(dom.toxml())) self.assertRaises(ValueError, xmlutils.safe_minidom_parse_string, killer_body())
def _from_xml(self, datastring): plurals = set(self.metadata.get('plurals', {})) try: node = xmlutils.safe_minidom_parse_string(datastring).childNodes[0] return {node.nodeName: self._from_xml_node(node, plurals)} except expat.ExpatError: msg = _("cannot understand XML") raise MalformedRequestBody(reason=msg)
def _from_xml(self, datastring): plurals = set(self.metadata.get('plurals', {})) try: node = xmlutils.safe_minidom_parse_string(datastring).childNodes[0] return {node.nodeName: self._from_xml_node(node, plurals)} except expat.ExpatError: msg = _("cannot understand XML") raise exception.MalformedRequestBody(reason=msg)