Skip to content

Commit

Permalink
No longer using defusedxml since it is not necessary.
Browse files Browse the repository at this point in the history 
- mimicked behaviour from defused into the loader.py
- bumped lxml version to > 4.6.0
  • Loading branch information
@klaasjanelzinga @mvantellingen
klaasjanelzinga authored and mvantellingen committed Apr 11, 2021
1 parent 83eefa2 commit b17e0c2
Show file tree
Hide file tree
Showing 7 changed files with 46 additions and 15 deletions.
1 change: 1 addition & 0 deletions README.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ Installation
Note that the latest version to support Python 2.7, 3.3, 3.4 and 3.5 is Zeep 3.4, install via `pip install zeep==3.4.0`

Zeep uses the lxml library for parsing xml. See https://lxml.de/installation.html for the installation requirements.

Usage
-----
Expand Down
3 changes: 1 addition & 2 deletions setup.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,8 @@
"appdirs>=1.4.0",
"attrs>=17.2.0",
"cached-property>=1.3.0",
"defusedxml>=0.4.1",
"isodate>=0.5.4",
"lxml>=3.1.0",
"lxml>=4.6.0",
"requests>=2.7.0",
"requests-toolbelt>=0.7.1",
"requests-file>=1.5.1",
Expand Down
23 changes: 23 additions & 0 deletions src/zeep/exceptions.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -91,3 +91,26 @@ class IncompleteMessage(Error):

class IncompleteOperation(Error):
pass


class DTDForbidden(Error):
def __init__(self, name, sysid, pubid):
super(DTDForbidden, self).__init__()
self.name = name
self.sysid = sysid
self.pubid = pubid

def __str__(self):
tpl = "DTDForbidden(name='{}', system_id={!r}, public_id={!r})"
return tpl.format(self.name, self.sysid, self.pubid)


class EntitiesForbidden(Error):
def __init__(self, name, content):
super(EntitiesForbidden, self).__init__()
self.name = name
self.content = content

def __str__(self):
tpl = "EntitiesForbidden(name='{}', content={!r})"
return tpl.format(self.name, self.content)
28 changes: 18 additions & 10 deletions src/zeep/loader.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,15 @@
import typing
from urllib.parse import urljoin, urlparse, urlunparse

from defusedxml.lxml import fromstring
from exceptions import DTDForbidden, EntitiesForbidden
from lxml import etree
from lxml.etree import fromstring, XMLParser, XMLSyntaxError, Resolver

from zeep.exceptions import XMLSyntaxError
from zeep.settings import Settings


class ImportResolver(etree.Resolver):
class ImportResolver(Resolver):
"""Custom lxml resolve to use the transport object"""

def __init__(self, transport):
Expand Down Expand Up @@ -39,21 +40,28 @@ def parse_xml(content: str, transport, base_url=None, settings=None):
"""
settings = settings or Settings()
recover = not settings.strict
parser = etree.XMLParser(
parser = XMLParser(
remove_comments=True,
resolve_entities=False,
recover=recover,
huge_tree=settings.xml_huge_tree,
)
parser.resolvers.add(ImportResolver(transport))
try:
return fromstring(
content,
parser=parser,
base_url=base_url,
forbid_dtd=settings.forbid_dtd,
forbid_entities=settings.forbid_entities,
)
elementtree = fromstring(content, parser=parser,base_url=base_url)
docinfo = elementtree.getroottree().docinfo
if docinfo.doctype:
if settings.forbid_dtd:
raise DTDForbidden(docinfo.doctype, docinfo.system_url, docinfo.public_id)
if settings.forbid_entities:
for dtd in docinfo.internalDTD, docinfo.externalDTD:
if dtd is None:
continue
for entity in dtd.iterentities():
raise EntitiesForbidden(entity.name, entity.content)


return elementtree
except etree.XMLSyntaxError as exc:
raise XMLSyntaxError(
"Invalid XML content received (%s)" % exc.msg, content=content
Expand Down
2 changes: 1 addition & 1 deletion src/zeep/wsdl/messages/mime.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,8 @@
"""
from urllib.parse import urlencode

from defusedxml.lxml import fromstring
from lxml import etree
from lxml.etree import fromstring

from zeep import ns, xsd
from zeep.helpers import serialize_object
Expand Down
2 changes: 1 addition & 1 deletion tests/test_loader.py
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
import pytest
from defusedxml import DTDForbidden, EntitiesForbidden
from exceptions import DTDForbidden, EntitiesForbidden
from pytest import raises as assert_raises

from tests.utils import DummyTransport
Expand Down
2 changes: 1 addition & 1 deletion tests/test_wsdl.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@

import pytest
import requests_mock
from defusedxml import DTDForbidden, EntitiesForbidden
from exceptions import DTDForbidden, EntitiesForbidden
from lxml import etree
from pretend import stub

Expand Down

0 comments on commit b17e0c2

Please sign in to comment.