XML bomb protection with modified expat parser
Project description
defusedexpat protects the XML packages of Python’s standard library from several denial of service vulnerabilities and external entity exploits. It contains
a modified and enhanced version of expat parser library
replacements for pyexpat and cElementTree’s _elementtree extension modules
loader code that replaces built-in extensions with the modified extensions
monkey patches for xml.sax and xml.dom to prevent external entity expansions
In order to protect your application you have to import the defusedxml module before any of the stdlib’s XML modules.
Countermeasures
limited entity expansion level to antagonize billion laugh attacks
limited total length of expansions to prevent quadratic blowups
monkey patch to prevent retrieval of external entities and DTDs
Modifications
Modifications in pyexpat
Parser object
New parser attributes (r/w)
max_entity_indirections
max_entity_expansions
reset_dtd
Module constants
XML_DEFAULT_MAX_ENTITY_INDIRECTIONS
XML_DEFAULT_MAX_ENTITY_EXPANSIONS
XML_BOMB_PROTECTION
Modules functions
get_reset_dtd(), set_reset_dtd(bool)
get_max_entity_expansions(), set_max_entity_expansions(int)
get_max_entity_indirections(), et_max_entity_indirections(int)
New CAPI members
capi.GetFeature
capi.SetFeature
capi.GetFeatureDefault
capi.SetFeatureDefault
Modifications in _elementtree
_elementtree.XMLParser
New arguments and r/o attributes
max_entity_indirections
max_entity_expansions
ignore_dtd
Modifications in expat
new definitions:
XML_BOMB_PROTECTION XML_DEFAULT_MAX_ENTITY_INDIRECTIONS XML_DEFAULT_MAX_ENTITY_EXPANSIONS XML_DEFAULT_RESET_DTD
new XML_FeatureEnum members:
XML_FEATURE_MAX_ENTITY_INDIRECTIONS XML_FEATURE_MAX_ENTITY_EXPANSIONS XML_FEATURE_IGNORE_DTD
new XML_Error members:
XML_ERROR_ENTITY_INDIRECTIONS XML_ERROR_ENTITY_EXPANSION
new API functions:
int XML_GetFeature(XML_Parser parser,
enum XML_FeatureEnum feature,
long *value);
int XML_SetFeature(XML_Parser parser,
enum XML_FeatureEnum feature,
long value);
int XML_GetFeatureDefault(enum XML_FeatureEnum feature,
long *value);
int XML_SetFeatureDefault(enum XML_FeatureEnum feature,
long value);
- XML_FEATURE_MAX_ENTITY_INDIRECTIONS
Limit the amount of indirections that are allowed to occur during the expansion of a nested entity. A counter starts when an entity reference is encountered. It resets after the entity is fully expanded. The limit protects the parser against exponential entity expansion attacks (aka billion laughs attack). When the limit is exceeded the parser stops and fails with XML_ERROR_ENTITY_INDIRECTIONS. A value of 0 disables the protection.
- Supported range
0 .. UINT_MAX
- Default
40
- XML_FEATURE_MAX_ENTITY_EXPANSIONS
Limit the total length of all entity expansions throughout the entire document. The lengths of all entities are accumulated in a parser variable. The setting protects against quadratic blowup attacks (lots of expansions of a large entity declaration). When the sum of all entities exceeds the limit, the parser stops and fails with XML_ERROR_ENTITY_EXPANSION. A value of 0 disables the protection.
- Supported range
0 .. UINT_MAX
- Default
8 MiB
- XML_FEATURE_RESET_DTD
Reset all DTD information after the <!DOCTYPE> block has been parsed. When the flag is set (default: false) all DTD information after the endDoctypeDeclHandler has been called. The flag can be set inside the endDoctypeDeclHandler. Without DTD information any entity reference in the document body leads to XML_ERROR_UNDEFINED_ENTITY.
- Supported range
0, 1
- Default
0
Requirements
Python 2.6.6 or newer (2.6.8 or newer for randomized hashing)
Python 2.7 (2.7.3 or newer for randomized hashing and Windows binaries)
Python 3.1 (3.1.5 or newer for randomized hashing and Windows binaries)
Python 3.2 (3.2.3 or newer for randomized hashing and Windows binaries)
Python 3.3.0 or newer
Windows binaries are compatible to 2.6.6, 2.7.3, 3.1.5, 3.2.3 or 3.3.0 or newer micro releases. They don’t work on older versions.
License
Copyright (c) 2013 by Christian Heimes <christian@python.org>
Licensed to PSF under a Contributor Agreement.
See http://www.python.org/psf/license for licensing details.
Contributors
- Antoine Pitrou
code review
- Brett Cannon
code review
Changelog
defusedexpat 0.4
Release date: 25-Feb-2013
Make code source compatible to Python versions without hash randomization.
Include latest version of expat patch
defusedexpat 0.3
Release date: 19-Feb-2013
Disable some tests on Windows because proxy trick doesn’t work
Remove ‘bomb protection’ suffix from CAPI MAGIC
Don’t support additional kwargs in _elementtree when XML_BOMB_PROTECTION is not available.
Implement better and more flexibel get/set feature API in expat
Add module functions to set global settings
defusedexpat 0.2
Release date: 15-Feb-2013
Python 3.1 support
Misc fixes and improvements
defusedexpat 0.1
Release date: 11-Feb-2013
Initial and internal release for PSRT review
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distributions
Hashes for defusedexpat-0.4.win-amd64-py3.3.exe
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 3bf83296bfdc4b271b5cc186917150c7cfc250ebb96320eed3881f723039e5c3 |
|
| MD5 | e175ac15838b1088c75f97145f973f37 |
|
| BLAKE2b-256 | db43cf5ba03072d01394ce9e464a66f8bde9e05570014c1224e65782b3a86263 |
Hashes for defusedexpat-0.4.win-amd64-py3.2.exe
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | e989f630b89d01f2dde74a26534373ec1330d3a805730f1b4c979bd7d7406cf8 |
|
| MD5 | 7f4f12f165f918ec4844aa14203a02e8 |
|
| BLAKE2b-256 | 5b96c1b520e7b1084af33d2eff69a8637fd6007616dce58d3f0aec6f63e0339f |
Hashes for defusedexpat-0.4.win-amd64-py2.7.exe
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | fcf6ca5ab397a93204f32ed9ce813b3c832604a3059d3d1cbff3eef9b5883b54 |
|
| MD5 | 3ab54aba131297c2fbe8b66f78dc694d |
|
| BLAKE2b-256 | 9e66657810c76db653746b04f40011ef210c0173beab4bc5477559bf2d2153cc |
Hashes for defusedexpat-0.4.win-amd64-py2.6.exe
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | a902903831c9875c628f115a5552f82cbd9c50d55ff38d28af22513445faf761 |
|
| MD5 | b2b4b4ecdabefaeabe35b49a22dba51d |
|
| BLAKE2b-256 | 6c9897472a93c5de249539b14cae5ab8a6ee141a7cb8c05e7f4f96d2bb58aeb7 |
Hashes for defusedexpat-0.4.win32-py3.3.exe
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | afe67392469794ab5b37742b8346afc2f3bd1b7213cdcd010a66b271202bc8f6 |
|
| MD5 | 6e3ba80148d86b1441b2c858330ced0d |
|
| BLAKE2b-256 | ddd5840089d736742c0cbc33f689c77cbfc99aaad6edf97a034b44d2eb344d62 |
Hashes for defusedexpat-0.4.win32-py3.2.exe
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 950ed610a4f41b29febeed52fef1fb98fb74444ff510d34d6c7a4ad805434a27 |
|
| MD5 | a278f1b715aa355d32a591c81ee4fe7c |
|
| BLAKE2b-256 | a6b6d9c74b83fb368d0c7dbcc50133193551764f2e38412d8cdd9ef41cabb89e |
Hashes for defusedexpat-0.4.win32-py2.7.exe
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 6f3faabc4531261f2b5a3181ada52f464456236050efef9fea9aa89ff2d8b73f |
|
| MD5 | 0853d1021e9a91d16149a536f452c075 |
|
| BLAKE2b-256 | 01d311a944ec84ad229f324699d71ddd940603d24c5ea413fdf399c79f6e292f |
Hashes for defusedexpat-0.4.win32-py2.6.exe
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 4893726172733a64007c380ff4a3e9cef064691c56379568fcf67d8c432be3f0 |
|
| MD5 | 7ceda9cba7822379e9882ab17c086f69 |
|
| BLAKE2b-256 | 1e3c287518a578f539597ac58f204763a6dfe956ab123d792353c135c6433375 |
