diff options
| author | Jenkins <jenkins@review.openstack.org> | 2013-03-14 18:52:42 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2013-03-14 18:52:42 +0000 |
| commit | 01eb75a6a7479f197fecc0b69667a9755fc70cbd (patch) | |
| tree | 6dd8cc35357aa404a32f166c8d26645c6ac032ff /nova/utils.py | |
| parent | 9df61c0b06dd81f34d97fbc02030f92928e21a78 (diff) | |
| parent | 3478f1e121d84d15558d338a32315f13250cf3bb (diff) | |
| download | nova-01eb75a6a7479f197fecc0b69667a9755fc70cbd.tar.gz nova-01eb75a6a7479f197fecc0b69667a9755fc70cbd.tar.xz nova-01eb75a6a7479f197fecc0b69667a9755fc70cbd.zip | |
Merge "Makes safe xml data calls raise 400 http error instead of 500"
Diffstat (limited to 'nova/utils.py')
| -rw-r--r-- | nova/utils.py | 58 |
1 files changed, 0 insertions, 58 deletions
diff --git a/nova/utils.py b/nova/utils.py index fe6c75df3..dbbbd1eb6 100644 --- a/nova/utils.py +++ b/nova/utils.py @@ -36,10 +36,6 @@ import struct import sys import tempfile import time -from xml.dom import minidom -from xml.parsers import expat -from xml import sax -from xml.sax import expatreader from xml.sax import saxutils from eventlet import event @@ -657,60 +653,6 @@ class DynamicLoopingCall(LoopingCallBase): return self.done -class ProtectedExpatParser(expatreader.ExpatParser): - """An expat parser which disables DTD's and entities by default.""" - - def __init__(self, forbid_dtd=True, forbid_entities=True, - *args, **kwargs): - # Python 2.x old style class - expatreader.ExpatParser.__init__(self, *args, **kwargs) - self.forbid_dtd = forbid_dtd - self.forbid_entities = forbid_entities - - def start_doctype_decl(self, name, sysid, pubid, has_internal_subset): - raise ValueError("Inline DTD forbidden") - - def entity_decl(self, entityName, is_parameter_entity, value, base, - systemId, publicId, notationName): - raise ValueError("<!ENTITY> entity declaration forbidden") - - def unparsed_entity_decl(self, name, base, sysid, pubid, notation_name): - # expat 1.2 - raise ValueError("<!ENTITY> unparsed entity forbidden") - - def external_entity_ref(self, context, base, systemId, publicId): - raise ValueError("<!ENTITY> external entity forbidden") - - def notation_decl(self, name, base, sysid, pubid): - raise ValueError("<!ENTITY> notation forbidden") - - def reset(self): - expatreader.ExpatParser.reset(self) - if self.forbid_dtd: - self._parser.StartDoctypeDeclHandler = self.start_doctype_decl - self._parser.EndDoctypeDeclHandler = None - if self.forbid_entities: - self._parser.EntityDeclHandler = self.entity_decl - self._parser.UnparsedEntityDeclHandler = self.unparsed_entity_decl - self._parser.ExternalEntityRefHandler = self.external_entity_ref - self._parser.NotationDeclHandler = self.notation_decl - try: - self._parser.SkippedEntityHandler = None - except AttributeError: - # some pyexpat versions do not support SkippedEntity - pass - - -def safe_minidom_parse_string(xml_string): - """Parse an XML string using minidom safely. - - """ - try: - return minidom.parseString(xml_string, parser=ProtectedExpatParser()) - except sax.SAXParseException as se: - raise expat.ExpatError() - - def xhtml_escape(value): """Escapes a string so it is valid within XML or XHTML. |