def test_dtd(self):
"""
Any DTD urls must fail by default.
"""
xml = '<!DOCTYPE x SYSTEM "file:///etc/group"><x>Remote DTD 1</x>'
with self.assertRaises(defusedxml.DTDForbidden):
self.fromstring(xml.strip())
def test_dtd(self):
"""
Any DTD urls must fail by default.
"""
xml = '<!DOCTYPE x SYSTEM "file:///etc/group"><x>Remote DTD 1</x>'
with self.assertRaises(defusedxml.DTDForbidden):
self.fromstring(xml.strip())
def test_param_entity(self):
"""
Ensure that any xml params that are decdoed into SYSTEM entities fail.
"""
xml = """
<!DOCTYPE x [ <!ENTITY % foo SYSTEM "file:///etc/group"> %foo; ]>
<x>Parameter entity 1</x>
"""
with self.assertRaises(defusedxml.EntitiesForbidden):
self.fromstring(xml.strip(), forbid_dtd=False)
def test_param_entity(self):
"""
Ensure that any xml params that are decdoed into SYSTEM entities fail.
"""
xml = """
<!DOCTYPE x [ <!ENTITY % foo SYSTEM "file:///etc/group"> %foo; ]>
<x>Parameter entity 1</x>
"""
with self.assertRaises(defusedxml.EntitiesForbidden):
self.fromstring(xml.strip(), forbid_dtd=False)
def test_system_entity(self):
"""
Ensure that any SYSTEM entities fail by default
"""
xml = """
<!DOCTYPE x [ <!ENTITY foo SYSTEM "file:///etc/group"> ]>
<x>External entity 1: &foo;</x>
"""
with self.assertRaises(defusedxml.EntitiesForbidden):
self.fromstring(xml.strip(), forbid_dtd=False)
def test_system_entity(self):
"""
Ensure that any SYSTEM entities fail by default
"""
xml = """
<!DOCTYPE x [ <!ENTITY foo SYSTEM "file:///etc/group"> ]>
<x>External entity 1: &foo;</x>
"""
with self.assertRaises(defusedxml.EntitiesForbidden):
self.fromstring(xml.strip(), forbid_dtd=False)
