summaryrefslogtreecommitdiff
path: root/libmat2
diff options
context:
space:
mode:
authorjvoisin2018-07-08 17:07:26 +0200
committerjvoisin2018-07-08 17:07:26 +0200
commitf9bc022c96dd73f5d5551777c19536db2464f06a (patch)
tree1bb23b0d599564863a2d4fdddb63146a2324861c /libmat2
parent72e1fda18d2788fb45c04e35a6447a56599c86ed (diff)
Add defusedxml as an (optional) way to prevent XML-based attacks
Those attacks are DoS-only.
Diffstat (limited to 'libmat2')
-rw-r--r--libmat2/office.py5
1 files changed, 4 insertions, 1 deletions
diff --git a/libmat2/office.py b/libmat2/office.py
index 14621d4..0d0c795 100644
--- a/libmat2/office.py
+++ b/libmat2/office.py
@@ -4,8 +4,11 @@ import shutil
4import tempfile 4import tempfile
5import datetime 5import datetime
6import zipfile 6import zipfile
7import xml.etree.ElementTree as ET
8from typing import Dict, Set, Pattern 7from typing import Dict, Set, Pattern
8try: # protect against DoS
9 from defusedxml import ElementTree as ET
10except ImportError:
11 import xml.etree.ElementTree as ET
9 12
10 13
11from . import abstract, parser_factory 14from . import abstract, parser_factory