Skip to content

Commit ccf427b

Browse files
elliotwutingfengelliotwutingfeng
committed
use defusedxml for sax.parse().
1 parent f1dff44 commit ccf427b

2 files changed

Lines changed: 6 additions & 1 deletion

File tree

pre_commit_hooks/check_xml.py

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,10 @@
44
import xml.sax.handler
55
from collections.abc import Sequence
66

7+
import defusedxml
8+
9+
defusedxml.defuse_stdlib()
10+
711

812
def main(argv: Sequence[str] | None = None) -> int:
913
parser = argparse.ArgumentParser()
@@ -15,7 +19,7 @@ def main(argv: Sequence[str] | None = None) -> int:
1519
for filename in args.filenames:
1620
try:
1721
with open(filename, 'rb') as xml_file:
18-
xml.sax.parse(xml_file, handler)
22+
defusedxml.sax.parse(xml_file, handler)
1923
except xml.sax.SAXException as exc:
2024
print(f'{filename}: Failed to xml parse ({exc})')
2125
retval = 1

setup.cfg

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@ classifiers =
1818
[options]
1919
packages = find:
2020
install_requires =
21+
defusedxml>=0.7.1
2122
ruamel.yaml>=0.15
2223
tomli>=1.1.0;python_version<"3.11"
2324
python_requires = >=3.10

0 commit comments

Comments
 (0)