cpython: 9513fac97ddd (original) (raw)

Mercurial > cpython

changeset 104483:9513fac97ddd

Issue #18789: Update XML vulnerability table to use Safe/Vulnerable instead of No/Yes. (3.6->3.7) [#18789]

Guido van Rossum guido@python.org
date Thu, 13 Oct 2016 14:32:55 -0700
parents c7c428350578(current diff)beed43d7dc46(diff)
children 2dd8689ce678
files
diffstat 1 files changed, 9 insertions(+), 9 deletions(-)[+] [-] Doc/library/xml.rst 18

line wrap: on

line diff

--- a/Doc/library/xml.rst +++ b/Doc/library/xml.rst @@ -60,15 +60,15 @@ circumvent firewalls. The following table gives an overview of the known attacks and whether the various modules are vulnerable to them. -========================= ======== ========= ========= ======== ========= -kind sax etree minidom pulldom xmlrpc -========================= ======== ========= ========= ======== ========= -billion laughs Yes Yes Yes Yes Yes -quadratic blowup Yes Yes Yes Yes Yes -external entity expansion Yes No (1) No (2) Yes No (3) -DTD_ retrieval Yes No No Yes No -decompression bomb No No No No Yes -========================= ======== ========= ========= ======== ========= +========================= ============== =============== ============== ============== ============== +kind sax etree minidom pulldom xmlrpc +========================= ============== =============== ============== ============== ============== +billion laughs Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable +quadratic blowup Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable +external entity expansion Vulnerable Safe (1) Safe (2) Vulnerable Safe (3) +DTD_ retrieval Vulnerable Safe Safe Vulnerable Safe +decompression bomb Safe Safe Safe Safe Vulnerable +========================= ============== =============== ============== ============== ==============

  1. :mod:xml.etree.ElementTree doesn't expand external entities and raises a :exc:ParserError when an entity occurs.