def test_defuse_xml_unparsed_entities(self):
xml_file = casepath('resources/unparsed_entity.xml')
parser = SafeXMLParser(target=PyElementTree.TreeBuilder())
with self.assertRaises(PyElementTree.ParseError) as ctx:
ElementTree.parse(xml_file, parser=parser)
self.assertEqual("Unparsed entities are forbidden (entity_name='logo_file')",
str(ctx.exception))
def test_defuse_xml_unused_external_entities(self):
xml_file = casepath('resources/unused_external_entity.xml')
elem = ElementTree.parse(xml_file).getroot()
self.assertEqual(elem.text, 'abc')
parser = SafeXMLParser(target=PyElementTree.TreeBuilder())
with self.assertRaises(PyElementTree.ParseError) as ctx:
ElementTree.parse(xml_file, parser=parser)
self.assertEqual("Entities are forbidden (entity_name='ee')", str(ctx.exception))
def test_defuse_xml_external_entities(self):
xml_file = casepath('resources/external_entity.xml')
with self.assertRaises(ParseError) as ctx:
ElementTree.parse(xml_file)
self.assertIn("undefined entity &ee", str(ctx.exception))
parser = SafeXMLParser(target=PyElementTree.TreeBuilder())
with self.assertRaises(PyElementTree.ParseError) as ctx:
ElementTree.parse(xml_file, parser=parser)
self.assertEqual("Entities are forbidden (entity_name='ee')", str(ctx.exception))
