use defusedxml to avoid DoS attacks while loading XML

Hans-Christoph Steiner 2018-08-29 17:27:04 +02:00
parent cc94ebca30
commit 4d13a904f3
4 changed files with 10 additions and 4 deletions


@ -39,7 +39,7 @@ import base64
import zipfile
import tempfile
import json
import xml.etree.ElementTree as XMLElementTree
import defusedxml.ElementTree as XMLElementTree
from binascii import hexlify
from datetime import datetime, timedelta
@ -74,7 +74,6 @@ STANDARD_FILE_NAME_REGEX = re.compile(r'^(\w[\w.]*)_(-?[0-9]+)\.\w+')
MAX_VERSION_CODE = 0x7fffffff # Java's Integer.MAX_VALUE (2147483647)
XMLNS_ANDROID = '{http://schemas.android.com/apk/res/android}'
XMLElementTree.register_namespace('android', 'http://schemas.android.com/apk/res/android')
config = None
options = None