def __init__(self, cell_rows, cell_columns): """ Class instance constructor """ # monkey patch to attempt to block [maliciously] malformed xml from causing bomb problems defuse_stdlib() # self.__SCH_DEFAULT = ''.join(['{', self.SCH_DEFAULT, '}']) self.run_paused = True self.openfile = None self.board = None self.board_bounding_box = None self.gen_num = None self.blocks_wrapper = None self.gen_wrapper = None self.active_block = None self.nei_hoods = None self.live_cells = None self.speedcontrol = None self.showgrid = None self.sequence_value = None self.rows = cell_rows self.columns = cell_columns self.sz_x = self.CELL_WIDTH self.sz_y = self.CELL_HEIGHT self.stop_steps = self.GENERATION_STEPS self.build_gui()
def __init__(self, digital_annex_xls_list): defusedxml.defuse_stdlib() self.j1939db = OrderedDict() self.digital_annex_xls_list = list( map( lambda da: self.secure_open_workbook(filename=da, on_demand=True), digital_annex_xls_list))
def defuse_xml_libs(): """ Monkey patch and defuse all stdlib xml packages and lxml. """ from defusedxml import defuse_stdlib defuse_stdlib() import lxml import lxml.etree from . import etree as safe_etree lxml.etree = safe_etree
def get_excel_sheet(file, request): import defusedxml from defusedxml.common import EntitiesForbidden defusedxml.defuse_stdlib() try: return xlrd.open_workbook(file_contents=file.read(), on_demand=True).sheet_by_index(0) except EntitiesForbidden: _report_error_to_rollbar(file, request) raise ValidationError('This file may be damaged and ' 'cannot be processed safely')
def parse_collection(playlist): collection = r"C:\Users\Thomas.defise\Documents\Native Instruments\Traktor 2.11.3\collection.nml" defusedxml.defuse_stdlib() tree = defusedxml.ElementTree.parse(collection) track_list = list() for a in tree.iter(tag="NODE"): if a.get("NAME") == playlist: for z in a.iter(tag="PRIMARYKEY"): windows_path_track = z.get("KEY").replace("/:", "\\") track_list.append(windows_path_track) return track_list
def get_xlsx_sheet(file, request): import defusedxml from defusedxml.common import EntitiesForbidden defusedxml.defuse_stdlib() try: wb = load_workbook(filename=file) ws = wb[wb.sheetnames[0]] return ws except EntitiesForbidden: _report_error_to_rollbar(file, request) raise ValidationError('This file may be damaged and ' 'cannot be processed safely')
def __init__(self): '''construct cellular automaton instance''' # monkey patch to attempt to block [maliciously] malformed xml from # causing bomb problems defuse_stdlib() # If not loaded from a file (xml) input_context = { 'family': 'Moore', 'neighbourhood': 'base.gol', 'dimensions': 2, # 2d, square grid, Moore neighbourhood } self.rows = self.BOARD_ROWS self.columns = self.BOARD_COLUMNS self.board = [[self.DEAD_CELL for j in range(self.columns)] for i in range(self.rows)] self.board[2][1] = self.LIVING_CELL self.board[2][3] = self.LIVING_CELL self.generation_number = 0 self.live_cells_count = 2 self.blocks_wrapper = None self.hashes_wrapper = None self.gen_wrapper = None self.bounding_box = None # neighbourhood 'rule' applied to every living cell in bounding box, # or'd together and or'd with the original living cells # This is the region where a intersection with another (similarly # constructed) neighbourhood *could* change the next generation of the # current region/neighbourhood. # quick check: intersecting bounding boxes ? # if yes, intersecting neighbourhoods ? # if yes, possible (full) collision # compare next generation with and without the interferring # neighbourhood to see if really affected # self.neighbourhood # self.active_block = None self.neighbourhoods = None self.hashes = {} self.next_hash_key = 0
def __init__(self, xml_string): defusedxml.defuse_stdlib() self.dom_obj = minidom.parseString(xml_string)
#!/usr/bin/env python3 # -*- coding: utf-8 -*- import io import openpyxl import xlrd import re import defusedxml import math import functools from ... import Unit defusedxml.defuse_stdlib() class SheetReference: def _parse_sheet(self, token): try: sheet, token = token.split('#') except ValueError: sheet = 0 else: try: sheet = int(sheet, 0) - 1 except (TypeError, ValueError): if sheet[0] in ( '"', "'") and sheet[~0] == sheet[0] and len(sheet) > 2: sheet = sheet[1:~1] return sheet, token def _parse_range(self, token):
def test_main(): suite = unittest.TestSuite() suite.addTests(unittest.makeSuite(TestDefusedcElementTree)) suite.addTests(unittest.makeSuite(TestDefusedElementTree)) suite.addTests(unittest.makeSuite(TestDefusedMinidom)) suite.addTests(unittest.makeSuite(TestDefusedPulldom)) suite.addTests(unittest.makeSuite(TestDefusedSax)) suite.addTests(unittest.makeSuite(TestXmlRpc)) if lxml is not None: suite.addTests(unittest.makeSuite(TestDefusedLxml)) if gzip is not None: suite.addTests(unittest.makeSuite(TestDefusedGzip)) return suite def test_origin(): suite = unittest.TestSuite() suite.addTests(unittest.makeSuite(TestStdElementTree)) suite.addTests(unittest.makeSuite(TestStdMinidom)) return suite if __name__ == "__main__": suite = test_main() result = unittest.TextTestRunner(verbosity=1).run(suite) defuse_stdlib() suite = test_origin() result_std = unittest.TextTestRunner(verbosity=1).run(suite) success = result.wasSuccessful() and result_std.wasSuccessful() sys.exit(not success)
def __init__(self, file=None): # monkey patch to attempt to block [maliciously] malformed xml from causing bomb problems defuse_stdlib() self.xml_lint_checker = XmlLintChecker()
import sys patched_modules = ( 'lxml', 'ElementTree', 'minidom', 'pulldom', 'rdflib', 'sax', 'expatbuilder', 'expatreader', 'xmlrpc') if any(module in sys.modules for module in patched_modules): existing_modules = [ (module, module in sys.modules) for module in patched_modules] raise ImportError( 'this monkey patch was not applied early enough. {0}'.format( existing_modules)) from defusedxml import defuse_stdlib # noqa defuse_stdlib() import lxml # noqa import lxml.etree # noqa from rdflib.plugins.parsers import rdfxml # noqa from xml.sax.handler import feature_external_ges, feature_external_pes # noqa from olympia.lib import safe_lxml_etree # noqa lxml.etree = safe_lxml_etree _rdfxml_create_parser = rdfxml.create_parser
import hashlib import defusedxml.ElementTree as ET from defusedxml import defuse_stdlib from defusedxml.minidom import parseString from mo.front.common.partial_infer.utils import unmask_shape, is_fully_defined from mo.graph.graph import * from mo.middle.passes.convert_data_type import np_data_type_to_precision from mo.utils.unsupported_ops import UnsupportedOps from mo.utils.utils import refer_to_faq_msg from mo.utils.version import get_version # defuse_stdlib provide patched version of xml.etree.ElementTree which allows to use objects from xml.etree.ElementTree # in a safe manner without including unsafe xml.etree.ElementTree ET_defused = defuse_stdlib()[ET] Element = ET_defused.Element SubElement = ET_defused.SubElement tostring = ET_defused.tostring def serialize_constants(graph: Graph, bin_file_name: str, data_type=np.float32): """ Found all data constants that has output edges with 'bin' attribute. Serialize content for such constants to a binary file with name bin_file_name in raw format. Save offset and length of serialized area in the file as 'offset' and 'size' attributes of data node. Args:
import discord from discord.ext import commands from cogs import Cog from cogs.user_simulator import UserSimulator import defusedxml import time defusedxml.defuse_stdlib() # Monkey-patch all XML libs. # https://gist.github.com/BananaWagon/068cef8ff640e90d3636d133fa8f72a1 class Manager(Cog, command_attrs=dict(hidden=True)): """ Manages the channel events the bot needs to handle. """ def __init__(self, bot): super().__init__(bot) # self.settings.register("test", "default value") @commands.Cog.listener() @commands.guild_only() async def on_message(self, message: discord.Message): if message.author.bot or not message.guild: return self.handler.store_user_message(message, commit_after=True) @commands.Cog.listener() @commands.guild_only() async def on_raw_reaction_add(self, payload: discord.RawReactionActionEvent): if payload.user_id == self.bot.user.id or not payload.guild_id: return print('Emoji:', payload.emoji.name)
import logging from urllib import urlencode elementtree_modules = [ 'defusedxml.lxml', 'lxml.etree', 'xml.etree.cElementTree', 'xml.etree.ElementTree', 'cElementTree', 'elementtree.ElementTree', ] try: import defusedxml defusedxml.defuse_stdlib() except ImportError: logging.warning('defusedxml not found! It is recommended that you install defusedxml ' 'to avoid vulnerabilities related to XML parsing. For more details see ' 'https://pypi.python.org/pypi/defusedxml/') def toUnicode(value): """Returns the given argument as a unicode object. @param value: A UTF-8 encoded string or a unicode (coercable) object @type message: str or unicode @returns: Unicode object representing the input value. """ if isinstance(value, str): return value.decode('utf-8')
from collections import namedtuple, defaultdict from pathlib import Path import numpy as np from mo.front.common.partial_infer.utils import dynamic_dimension_value, shape_array from mo.graph.graph import Node, Graph from mo.utils.ir_engine.compare_graphs import compare_graphs log.basicConfig(format="[ %(levelname)s ] %(message)s", level=log.DEBUG, stream=sys.stdout) # defuse_stdlib provide patched version of xml.etree.ElementTree which allows to use objects from xml.etree.ElementTree # in a safe manner without including unsafe xml.etree.ElementTree ElementTree = defuse_stdlib()[ET].ElementTree class IREngine(object): def __init__(self, path_to_xml: str, path_to_bin=None, precision="FP32", xml_tree=None): if not xml_tree and not os.path.exists(path_to_xml): raise AttributeError("File {} do not exists!".format(path_to_xml)) if path_to_bin and not os.path.exists(path_to_bin): raise AttributeError("File {} do not exists!".format(path_to_bin)) self.path_to_xml = str(path_to_xml)
def init(): #security: monkeypatch against attack vectors, DDos etc #(while unlikely, some xml hacks can get to our files) #also see filtering regexes in config.json xmlpatcher.defuse_stdlib()
def defuse(): defusedxml.defuse_stdlib()