Mathieu Le Marec - Pasquet
11 years ago
7 changed files with 60 additions and 55 deletions
Unified View
Diff Options
-
+21 -2CHANGES.txt
-
+2 -0README.txt
-
+0 -0old.Changelog
-
+3 -42setup.py
-
+29 -9src/SOAPpy/Parser.py
-
+5 -2src/SOAPpy/version.py
-
+0 -0tests/vul_lol.txt
+ 21
- 2
CHANGES.txt
View File
| @@ -1,8 +1,27 @@ | |||||
| CHANGELOG | CHANGELOG | ||||
| ===================== | ===================== | ||||
| 0.12.6 (unreleased) | |||||
| ----------------------- | |||||
| 0.12.19 (unreleased) | |||||
| -------------------- | |||||
| - Nothing changed yet. | |||||
| 0.12.18 (2014-05-15) | |||||
| -------------------- | |||||
| - better version handling [kiorky] | |||||
| 0.12.6 (2014-05-15) | |||||
| ------------------- | |||||
| - display summary on pypi [kiorky] | |||||
| 0.12.6 (2014-05-15) | |||||
| ------------------- | |||||
| - fix cve CVE Request ---- SOAPpy 0.12.5 Multiple Vulnerabilities -- LOL part | |||||
| [kiorky] | |||||
| - fix cve CVE Request ---- SOAPpy 0.12.5 Multiple Vulnerabilities -- XXE part | - fix cve CVE Request ---- SOAPpy 0.12.5 Multiple Vulnerabilities -- XXE part | ||||
| [kiorky] | [kiorky] | ||||
| - Remove dependency on fpconst. | - Remove dependency on fpconst. | ||||
+ 2
- 0
README.txt
View File
| @@ -2,6 +2,8 @@ | |||||
| SOAPpy - Simple to use SOAP library for Python | SOAPpy - Simple to use SOAP library for Python | ||||
| ============================================== | ============================================== | ||||
| .. contents:: | |||||
| Disclaimer | Disclaimer | ||||
| ========== | ========== | ||||
| Please use `suds <https://pypi.python.org/pypi/suds>`_ rather than SOAPpy. | Please use `suds <https://pypi.python.org/pypi/suds>`_ rather than SOAPpy. | ||||
ChangeLog → old.Changelog
View File
+ 3
- 42
setup.py
View File
| @@ -11,53 +11,13 @@ def read(*rnames): | |||||
| return "\n"+ open( | return "\n"+ open( | ||||
| os.path.join('.', *rnames) | os.path.join('.', *rnames) | ||||
| ).read() | ).read() | ||||
| def load_version(): | |||||
| """ | |||||
| Load the version number by executing the version file in a variable. This | |||||
| way avoids executing the __init__.py file which load nearly everything in | |||||
| the project, including fpconst which is not yet installed when this script | |||||
| is executed. | |||||
| Source: https://github.com/mitsuhiko/flask/blob/master/flask/config.py#L108 | |||||
| """ | |||||
| import imp | |||||
| from os import path | |||||
| filename = path.join(path.dirname(__file__), 'src', 'SOAPpy', 'version.py') | |||||
| d = imp.new_module('version') | |||||
| d.__file__ = filename | |||||
| try: | |||||
| execfile(filename, d.__dict__) | |||||
| except IOError, e: | |||||
| e.strerror = 'Unable to load the version number (%s)' % e.strerror | |||||
| raise | |||||
| return d.__version__ | |||||
| __version__ = load_version() | |||||
| url="https://github.com/kiorky/SOAPpy.git" | url="https://github.com/kiorky/SOAPpy.git" | ||||
| long_description="SOAPpy provides tools for building SOAP clients and servers. For more information see " + url\ | long_description="SOAPpy provides tools for building SOAP clients and servers. For more information see " + url\ | ||||
| +'\n'+read('README.txt')\ | +'\n'+read('README.txt')\ | ||||
| +'\n'+read('CHANGES.txt')\ | |||||
| if CVS: | |||||
| import time | |||||
| __version__ += "_CVS_" + time.strftime('%Y_%m_%d') | |||||
| +'\n'+read('CHANGES.txt') | |||||
| setup( | setup( | ||||
| name="SOAPpy", | name="SOAPpy", | ||||
| version=__version__, | |||||
| version='0.12.19.dev0', | |||||
| description="SOAP Services for Python", | description="SOAP Services for Python", | ||||
| maintainer="Gregory Warnes, kiorky", | maintainer="Gregory Warnes, kiorky", | ||||
| maintainer_email="Gregory.R.Warnes@Pfizer.com, kiorky@cryptelium.net", | maintainer_email="Gregory.R.Warnes@Pfizer.com, kiorky@cryptelium.net", | ||||
| @@ -68,6 +28,7 @@ setup( | |||||
| include_package_data=True, | include_package_data=True, | ||||
| install_requires=[ | install_requires=[ | ||||
| 'wstools', | 'wstools', | ||||
| 'defusedxml', | |||||
| ] | ] | ||||
| ) | ) | ||||
+ 29
- 9
src/SOAPpy/Parser.py
View File
| @@ -16,6 +16,10 @@ except ImportError: | |||||
| try: from M2Crypto import SSL | try: from M2Crypto import SSL | ||||
| except: pass | except: pass | ||||
| from defusedxml import expatreader | |||||
| from defusedxml.common import DefusedXmlException | |||||
| ident = '$Id: Parser.py 1497 2010-03-08 06:06:52Z pooryorick $' | ident = '$Id: Parser.py 1497 2010-03-08 06:06:52Z pooryorick $' | ||||
| from version import __version__ | from version import __version__ | ||||
| @@ -23,6 +27,11 @@ from version import __version__ | |||||
| ################################################################################ | ################################################################################ | ||||
| # SOAP Parser | # SOAP Parser | ||||
| ################################################################################ | ################################################################################ | ||||
| def make_parser(parser_list=[]): | |||||
| return expatreader.create_parser() | |||||
| class RefHolder: | class RefHolder: | ||||
| def __init__(self, name, frame): | def __init__(self, name, frame): | ||||
| self.name = name | self.name = name | ||||
| @@ -1041,27 +1050,38 @@ class EmptyEntityResolver(xml.sax.handler.EntityResolver): | |||||
| return StringIO("<?xml version='1.0' encoding='UTF-8'?>") | return StringIO("<?xml version='1.0' encoding='UTF-8'?>") | ||||
| def _parseSOAP(xml_str, rules = None, ignore_ext=None): | |||||
| def _parseSOAP(xml_str, rules = None, ignore_ext=None, | |||||
| forbid_entities=False, forbid_external=True, forbid_dtd=False): | |||||
| inpsrc = xml.sax.xmlreader.InputSource() | |||||
| inpsrc.setByteStream(StringIO(xml_str)) | |||||
| if ignore_ext is None: | if ignore_ext is None: | ||||
| ignore_ext = False | ignore_ext = False | ||||
| parser = xml.sax.make_parser() | |||||
| parser = make_parser() | |||||
| t = SOAPParser(rules=rules) | t = SOAPParser(rules=rules) | ||||
| parser.setContentHandler(t) | parser.setContentHandler(t) | ||||
| e = xml.sax.handler.ErrorHandler() | |||||
| parser.setErrorHandler(e) | |||||
| errorHandler = xml.sax.handler.ErrorHandler() | |||||
| parser.setErrorHandler(errorHandler) | |||||
| inpsrc = xml.sax.xmlreader.InputSource() | |||||
| inpsrc.setByteStream(StringIO(xml_str)) | |||||
| # disable by default entity loading on posted content | |||||
| if ignore_ext: | if ignore_ext: | ||||
| parser.setEntityResolver(EmptyEntityResolver()) | |||||
| # disable by default entity loading on posted content | |||||
| forbid_dtd = True | |||||
| forbid_entities = True | |||||
| forbid_external = True | |||||
| parser.forbid_dtd = forbid_dtd | |||||
| parser.forbid_entities = forbid_entities | |||||
| parser.forbid_external = forbid_external | |||||
| parser.setEntityResolver(EmptyEntityResolver()) | |||||
| # turn on namespace mangeling | # turn on namespace mangeling | ||||
| parser.setFeature(xml.sax.handler.feature_namespaces, 1) | parser.setFeature(xml.sax.handler.feature_namespaces, 1) | ||||
| try: | try: | ||||
| parser.parse(inpsrc) | parser.parse(inpsrc) | ||||
| except DefusedXmlException, e: | |||||
| parser._parser = None | |||||
| print traceback.format_exc() | |||||
| raise e | |||||
| except xml.sax.SAXParseException, e: | except xml.sax.SAXParseException, e: | ||||
| parser._parser = None | parser._parser = None | ||||
| print traceback.format_exc() | print traceback.format_exc() | ||||
+ 5
- 2
src/SOAPpy/version.py
View File
| @@ -1,2 +1,5 @@ | |||||
| __version__="0.12.6" | |||||
| try: | |||||
| import pkg_resources | |||||
| __version__ = pkg_resources.get_distribution("SOAPpy").version | |||||
| except: | |||||
| __version__="xxx" | |||||