[tryton-commits] changeset in proteus:5.0 Protect against XML vulnerabilities

Cédric Krier Tue, 01 Mar 2022 10:58:06 -0800

changeset 85eb95f609cf in proteus:5.0
details: https://hg.tryton.org/proteus?cmd=changeset&node=85eb95f609cf
description:
        Protect against XML vulnerabilities


        issue11219
        issue11244
        (grafted from f801a89c84e7df1e3ae00b0f91d500ed7d36a7a9)
diffstat:

 CHANGELOG         |  2 ++
 proteus/config.py |  4 ++++
 setup.py          |  1 +
 3 files changed, 7 insertions(+), 0 deletions(-)

diffs (36 lines):

diff -r 76e5b5efaddd -r 85eb95f609cf CHANGELOG
--- a/CHANGELOG Sat Jan 15 16:19:17 2022 +0100
+++ b/CHANGELOG Tue Mar 01 19:07:56 2022 +0100
@@ -1,3 +1,5 @@
+* Use defusedxml to parse XML (11244)
+
 Version 5.0.11 - 2022-01-15
 * Bug fixes (see mercurial logs for details)
 
diff -r 76e5b5efaddd -r 85eb95f609cf proteus/config.py
--- a/proteus/config.py Sat Jan 15 16:19:17 2022 +0100
+++ b/proteus/config.py Tue Mar 01 19:07:56 2022 +0100
@@ -11,8 +11,12 @@
 import xmlrpc.client
 from decimal import Decimal
 
+import defusedxml.xmlrpc
+
 __all__ = ['set_trytond', 'set_xmlrpc', 'get_config']
 
+defusedxml.xmlrpc.monkey_patch()
+
 
 def dump_decimal(self, value, write):
     value = {'__class__': 'Decimal',
diff -r 76e5b5efaddd -r 85eb95f609cf setup.py
--- a/setup.py  Sat Jan 15 16:19:17 2022 +0100
+++ b/setup.py  Tue Mar 01 19:07:56 2022 +0100
@@ -77,6 +77,7 @@
     license='LGPL-3',
     python_requires='>=3.4',
     install_requires=[
+        'defusedxml',
         "python-dateutil",
         ],
     extras_require={

[tryton-commits] changeset in proteus:5.0 Protect against XML vulnerabilities

Reply via email to