Coverage for /pythoncovmergedfiles/medio/medio/usr/local/lib/python3.11/site-packages/pikepdf/_xml.py: 60%


1# SPDX-FileCopyrightText: 2022 James R. Barlow 

2# SPDX-License-Identifier: MPL-2.0 

3 

4from __future__ import annotations 

5 

6from typing import IO, Any, AnyStr 

7 

8from lxml.etree import XMLParser as _UnsafeXMLParser 

9from lxml.etree import _Element, _ElementTree 

10from lxml.etree import parse as _parse 

11 

12 

class _XMLParser(_UnsafeXMLParser):
    """lxml ``XMLParser`` with entity resolution and network access forced off.

    ``resolve_entities=False`` and ``no_network=True`` are applied on every
    construction to prevent XXE attacks. Caller-supplied values for these two
    options are silently overwritten.

    Every other positional or keyword option is forwarded unchanged, so
    settings such as ``load_dtd`` or ``huge_tree`` are not constrained by this
    class and must be reviewed at the call site if they are ever passed.
    """

    def __init__(self, *args: Any, **kwargs: Any):
        """Build the parser, overriding the two XXE-relevant options.

        Args:
            *args: Forwarded to the lxml parser unchanged.
            **kwargs: Forwarded to the lxml parser after ``resolve_entities``
                and ``no_network`` have been pinned to their safe values.
        """
        # Prevent XXE attacks
        # https://rules.sonarsource.com/python/type/Vulnerability/RSPEC-2755
        # Applied last so a caller cannot re-enable either behaviour.
        kwargs.update(resolve_entities=False, no_network=True)
        super().__init__(*args, **kwargs)

20 

21 

def parse_xml(source: AnyStr | IO[Any], recover: bool = False) -> _ElementTree:
    """Parse XML with lxml using the XXE-hardened ``_XMLParser``.

    A fresh ``_XMLParser`` is built for every call, so entity resolution and
    network access are disabled no matter where ``source`` came from.

    Args:
        source: Passed directly to lxml's ``parse``.
        recover: Forwarded to the parser's ``recover`` option. When true, lxml
            attempts to build a tree from malformed input, so the result for
            an untrusted document should be treated as best-effort.

    Returns:
        The element tree produced by lxml's ``parse``.
    """
    # remove_pis=False keeps processing instructions in the tree.
    # NOTE(review): presumably needed for XMP packet wrappers; confirm
    # against callers.
    return _parse(
        source,
        parser=_XMLParser(recover=recover, remove_pis=False),
    )

26 

27 

# Public surface of this module: the hardened parse helper plus the lxml tree
# and element types re-exported for annotations. The raw lxml parser and parse
# function are imported under private aliases and are deliberately not listed.
__all__ = [
    'parse_xml',
    '_ElementTree',
    '_Element',
]