
XML bomb protection with modified expat parser

Project description

defusedexpat protects the XML packages of Python’s standard library from several denial of service vulnerabilities and external entity exploits. It contains

  • a modified and enhanced version of expat parser library

  • replacements for pyexpat and cElementTree’s _elementtree extension modules

  • loader code that replaces built-in extensions with the modified extensions

  • monkey patches for xml.sax and xml.dom to prevent external entity expansions

In order to protect your application you have to import the defusedexpat module before any of the stdlib's XML modules: the loader swaps the extension modules at import time, so an XML module that was imported earlier keeps the unpatched parser.

Countermeasures

  • a limit on the number of entity indirections, to defeat billion laughs attacks

  • a limit on the total length of all entity expansions, to prevent quadratic blowups

  • monkey patches that prevent retrieval of external entities and DTDs

Modifications

Modifications in pyexpat

Parser object

New parser attributes (r/w)

  • max_entity_indirections

  • max_entity_expansions

  • reset_dtd

Module constants

  • XML_DEFAULT_MAX_ENTITY_INDIRECTIONS

  • XML_DEFAULT_MAX_ENTITY_EXPANSIONS

  • XML_BOMB_PROTECTION

Module functions

  • get_reset_dtd(), set_reset_dtd(bool)

  • get_max_entity_expansions(), set_max_entity_expansions(int)

  • get_max_entity_indirections(), set_max_entity_indirections(int)

New CAPI members

  • capi.GetFeature

  • capi.SetFeature

  • capi.GetFeatureDefault

  • capi.SetFeatureDefault

Modifications in _elementtree

_elementtree.XMLParser

New arguments and r/o attributes

  • max_entity_indirections

  • max_entity_expansions

  • ignore_dtd

Modifications in expat

new definitions:

XML_BOMB_PROTECTION
XML_DEFAULT_MAX_ENTITY_INDIRECTIONS
XML_DEFAULT_MAX_ENTITY_EXPANSIONS
XML_DEFAULT_RESET_DTD

new XML_FeatureEnum members:

XML_FEATURE_MAX_ENTITY_INDIRECTIONS
XML_FEATURE_MAX_ENTITY_EXPANSIONS
XML_FEATURE_IGNORE_DTD

new XML_Error members:

XML_ERROR_ENTITY_INDIRECTIONS
XML_ERROR_ENTITY_EXPANSION

new API functions:

int XML_GetFeature(XML_Parser parser,
                   enum XML_FeatureEnum feature,
                   long *value);
int XML_SetFeature(XML_Parser parser,
                   enum XML_FeatureEnum feature,
                   long value);
int XML_GetFeatureDefault(enum XML_FeatureEnum feature,
                          long *value);
int XML_SetFeatureDefault(enum XML_FeatureEnum feature,
                          long value);

XML_FEATURE_MAX_ENTITY_INDIRECTIONS

Limit the number of indirections allowed while expanding a nested entity. A counter starts when an entity reference is encountered and resets once that entity has been fully expanded. The limit protects the parser against exponential entity expansion attacks (the billion laughs attack). When the limit is exceeded the parser stops and fails with XML_ERROR_ENTITY_INDIRECTIONS. A value of 0 disables the protection.

Supported range

0 .. UINT_MAX

Default

40

XML_FEATURE_MAX_ENTITY_EXPANSIONS

Limit the total length of all entity expansions over the entire document. The lengths of all expanded entities are accumulated in a parser variable. The setting protects against quadratic blowup attacks (many references to one large entity). When the accumulated length exceeds the limit, the parser stops and fails with XML_ERROR_ENTITY_EXPANSION. A value of 0 disables the protection.

Supported range

0 .. UINT_MAX

Default

8 MiB

XML_FEATURE_RESET_DTD

Reset all DTD information once the <!DOCTYPE> block has been parsed. When the flag is set (default: false), all DTD information is discarded after the endDoctypeDeclHandler has been called; the flag can also be set from inside the endDoctypeDeclHandler. Without DTD information any entity reference in the document body leads to XML_ERROR_UNDEFINED_ENTITY.

Supported range

0, 1

Default

0
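The three limits above (and the countermeasures list at the top of the page), emulated in pure Python on top of the standard library's xml.parsers.expat bindings, as an added example. This is not defusedexpat's or expat's code; a defusedexpat build exposes the real thing through the max_entity_indirections, max_entity_expansions and reset_dtd parser attributes listed earlier. The example relies on one documented stdlib behaviour: a DefaultHandler (as opposed to DefaultHandlerExpand) makes expat hand internal entity references in element content to the application unexpanded, so the example can expand them itself and apply the counters. The class name, the error classes, the outcome helper, the constructed sample documents and the exact counting rule (every entity expansion triggered by one reference in the body, including that reference, counts as one indirection; the replacement text of every expansion is charged to one document-wide total) are this example's own assumptions.

```python
import re
import xml.parsers.expat as expat

# Defaults quoted from the feature descriptions above.
DEFAULT_MAX_ENTITY_INDIRECTIONS = 40
DEFAULT_MAX_ENTITY_EXPANSIONS = 8 * 1024 * 1024

# One general entity reference on its own, e.g. "&lol9;" (not "&#38;").
_GENERAL_REF = re.compile(r"&([^#&;\s][^&;\s]*);")

# Python stand-ins for the new XML_Error members (and XML_ERROR_UNDEFINED_ENTITY).
class EntityIndirectionsError(ValueError): pass
class EntityExpansionError(ValueError): pass
class UndefinedEntityError(ValueError): pass


class GuardedExpatParser:
    def __init__(self, max_entity_indirections=DEFAULT_MAX_ENTITY_INDIRECTIONS,
                 max_entity_expansions=DEFAULT_MAX_ENTITY_EXPANSIONS, reset_dtd=False):
        self.max_entity_indirections = max_entity_indirections
        self.max_entity_expansions = max_entity_expansions
        self.reset_dtd = reset_dtd
        self.entities = {}      # internal general entities: name -> replacement text
        self.expanded = 0       # document-wide total of expanded entity lengths
        self.indirections = 0   # expansions triggered by the current body reference
        self.in_content = False
        self.text = []          # character data as an application would receive it
        p = self.parser = expat.ParserCreate()
        p.EntityDeclHandler = self._entity_decl
        p.EndDoctypeDeclHandler = self._end_doctype
        p.StartElementHandler = self._start_element
        p.CharacterDataHandler = self.text.append
        # DefaultHandler (unlike DefaultHandlerExpand) turns off expat's own
        # expansion of internal entities; each body reference arrives as "&name;".
        p.DefaultHandler = self._default

    def _entity_decl(self, name, is_param, value, base, sysid, pubid, notation):
        if not is_param and value is not None:   # internal general entities only
            self.entities[name] = value

    def _end_doctype(self):
        if self.reset_dtd:       # XML_FEATURE_RESET_DTD: forget the DTD afterwards
            self.entities.clear()

    def _start_element(self, name, attrs):
        self.in_content = True

    def _default(self, data):
        ref = _GENERAL_REF.fullmatch(data)
        if ref is None or not self.in_content:
            return               # DOCTYPE text, whitespace outside the root, ...
        self.indirections = 0    # the counter lives for one body reference only
        self.text.append(self._expand(ref.group(1)))

    def _expand(self, name):
        # XML_FEATURE_MAX_ENTITY_INDIRECTIONS: each expansion triggered by the current
        # body reference is one indirection; a limit of 0 disables the check.
        self.indirections += 1
        if self.max_entity_indirections and self.indirections > self.max_entity_indirections:
            raise EntityIndirectionsError(f"&{name};: too many entity indirections")
        try:
            value = self.entities[name]
        except KeyError:
            raise UndefinedEntityError(f"&{name};: undefined entity") from None
        # XML_FEATURE_MAX_ENTITY_EXPANSIONS: charge the replacement text to the
        # document-wide total; a limit of 0 disables the check.
        self.expanded += len(value)
        if self.max_entity_expansions and self.expanded > self.max_entity_expansions:
            raise EntityExpansionError(f"&{name};: total entity expansion too large")
        out, pos = [], 0
        for nested in _GENERAL_REF.finditer(value):
            out.append(value[pos:nested.start()])
            out.append(self._expand(nested.group(1)))
            pos = nested.end()
        out.append(value[pos:])
        return "".join(out)

    def parse(self, document):
        self.parser.Parse(document, True)   # whole document in one call
        return "".join(self.text)


# Constructed sample documents (not taken from the page).
BILLION_LAUGHS = """<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
]>
<lolz>&lol3;</lolz>"""
QUADRATIC_BLOWUP = '<!DOCTYPE bomb [<!ENTITY a "' + "A" * 1000 + '">]><bomb>' + "&a;" * 100 + "</bomb>"
BENIGN = '<!DOCTYPE d [<!ENTITY who "world">]><d>hello &who;!</d>'


def outcome(document, **limits):
    """Parsed text, or the name of the bomb-protection error that stopped parsing."""
    try:
        return GuardedExpatParser(**limits).parse(document)
    except (EntityIndirectionsError, EntityExpansionError, UndefinedEntityError) as err:
        return type(err).__name__
```

Running outcome on the constructed documents gives "hello world!" for BENIGN, EntityIndirectionsError for BILLION_LAUGHS under the default limit of 40 (and 3000 characters of "lol" when that limit is set to 0, because the expansion total of 8660 bytes stays far below 8 MiB), EntityExpansionError for QUADRATIC_BLOWUP once the total is capped below its 100 000 expanded bytes, and UndefinedEntityError for BENIGN with reset_dtd=True. The emulation is deliberately incomplete where only a patched parser can help: expat still expands entity references that appear inside attribute values itself, and external entities are not covered at all, which is why defusedexpat patches expat rather than wrapping it.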

Requirements

  • Python 2.6.6 or newer (2.6.8 or newer for randomized hashing)

  • Python 2.7 (2.7.3 or newer for randomized hashing and Windows binaries)

  • Python 3.1 (3.1.5 or newer for randomized hashing and Windows binaries)

  • Python 3.2 (3.2.3 or newer for randomized hashing and Windows binaries)

  • Python 3.3.0 or newer

The Windows binaries are compatible with Python 2.6.6, 2.7.3, 3.1.5, 3.2.3 and 3.3.0 or newer micro releases; they don't work on older versions.

License

Copyright (c) 2013 by Christian Heimes <christian@python.org>

Licensed to PSF under a Contributor Agreement.

See http://www.python.org/psf/license for licensing details.

Contributors

Antoine Pitrou (code review)

Brett Cannon (code review)

Changelog

defusedexpat 0.4

Release date: 25-Feb-2013

  • Make the source code compatible with Python versions without hash randomization.

  • Include latest version of expat patch

defusedexpat 0.3

Release date: 19-Feb-2013

  • Disable some tests on Windows because the proxy trick doesn't work there

  • Remove ‘bomb protection’ suffix from CAPI MAGIC

  • Don’t support additional kwargs in _elementtree when XML_BOMB_PROTECTION is not available.

  • Implement a better and more flexible get/set feature API in expat

  • Add module functions to set global settings

defusedexpat 0.2

Release date: 15-Feb-2013

  • Python 3.1 support

  • Misc fixes and improvements

defusedexpat 0.1

Release date: 11-Feb-2013

  • Initial and internal release for PSRT review

Download files

Source distributions

defusedexpat-0.4.zip (275.9 kB)
  SHA256 f0185c81ef89879b6e40107d6e42b4175eaa812401eec79f18f3d88297822345
  MD5 d870a2eb4137d676df896719cdd52a55
  BLAKE2b-256 2fcc56e82058fa3bfbe75b8601f91e0ed2b586fb6aef3105fc0ff734371971e3

defusedexpat-0.4.tar.gz (259.3 kB)
  SHA256 43622e7fc95a55049a1b755d421cd1ef05e854609db0313cd826a3b873a6debd
  MD5 8091bb85a6842456a4b7fe842dc13f89
  BLAKE2b-256 c16b5885b434e95ebfa35b7c4fa48019c8c676f7475e01074da84e0840e521df

Built distributions (Windows installers)

defusedexpat-0.4.win-amd64-py3.3.exe (324.4 kB)
  SHA256 3bf83296bfdc4b271b5cc186917150c7cfc250ebb96320eed3881f723039e5c3
  MD5 e175ac15838b1088c75f97145f973f37
  BLAKE2b-256 db43cf5ba03072d01394ce9e464a66f8bde9e05570014c1224e65782b3a86263

defusedexpat-0.4.win-amd64-py3.2.exe (324.1 kB)
  SHA256 e989f630b89d01f2dde74a26534373ec1330d3a805730f1b4c979bd7d7406cf8
  MD5 7f4f12f165f918ec4844aa14203a02e8
  BLAKE2b-256 5b96c1b520e7b1084af33d2eff69a8637fd6007616dce58d3f0aec6f63e0339f

defusedexpat-0.4.win-amd64-py2.7.exe (322.1 kB)
  SHA256 fcf6ca5ab397a93204f32ed9ce813b3c832604a3059d3d1cbff3eef9b5883b54
  MD5 3ab54aba131297c2fbe8b66f78dc694d
  BLAKE2b-256 9e66657810c76db653746b04f40011ef210c0173beab4bc5477559bf2d2153cc

defusedexpat-0.4.win-amd64-py2.6.exe (320.7 kB)
  SHA256 a902903831c9875c628f115a5552f82cbd9c50d55ff38d28af22513445faf761
  MD5 b2b4b4ecdabefaeabe35b49a22dba51d
  BLAKE2b-256 6c9897472a93c5de249539b14cae5ab8a6ee141a7cb8c05e7f4f96d2bb58aeb7

defusedexpat-0.4.win32-py3.3.exe (284.2 kB)
  SHA256 afe67392469794ab5b37742b8346afc2f3bd1b7213cdcd010a66b271202bc8f6
  MD5 6e3ba80148d86b1441b2c858330ced0d
  BLAKE2b-256 ddd5840089d736742c0cbc33f689c77cbfc99aaad6edf97a034b44d2eb344d62

defusedexpat-0.4.win32-py3.2.exe (284.0 kB)
  SHA256 950ed610a4f41b29febeed52fef1fb98fb74444ff510d34d6c7a4ad805434a27
  MD5 a278f1b715aa355d32a591c81ee4fe7c
  BLAKE2b-256 a6b6d9c74b83fb368d0c7dbcc50133193551764f2e38412d8cdd9ef41cabb89e

defusedexpat-0.4.win32-py2.7.exe (282.5 kB)
  SHA256 6f3faabc4531261f2b5a3181ada52f464456236050efef9fea9aa89ff2d8b73f
  MD5 0853d1021e9a91d16149a536f452c075
  BLAKE2b-256 01d311a944ec84ad229f324699d71ddd940603d24c5ea413fdf399c79f6e292f

defusedexpat-0.4.win32-py2.6.exe (281.6 kB)
  SHA256 4893726172733a64007c380ff4a3e9cef064691c56379568fcf67d8c432be3f0
  MD5 7ceda9cba7822379e9882ab17c086f69
  BLAKE2b-256 1e3c287518a578f539597ac58f204763a6dfe956ab123d792353c135c6433375
