author | Guido van Rossum <guido@python.org> | 2016-10-13 21:32:33 (GMT) |
---|---|---|
committer | Guido van Rossum <guido@python.org> | 2016-10-13 21:32:33 (GMT) |
commit | a0ef768ddf7a8196c77544545d2dfb7e09473e4d (patch) | |
tree | 00d63997a1e35ba811ca75a67e170e96001870e6 | |
parent | 5236ac600ea59f8ddd89d6dfc6148cd8a8282d40 (diff) | |
parent | e1478e4ae2001ca352c3319bdc9c23a555f98788 (diff) | |
Issue #18789: Update XML vulnerability table to use Safe/Vulnerable instead of No/Yes. (3.5->3.6)
-rw-r--r-- | Doc/library/xml.rst | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/Doc/library/xml.rst b/Doc/library/xml.rst index 3c2fc89..d833b7f 100644 --- a/Doc/library/xml.rst +++ b/Doc/library/xml.rst @@ -60,15 +60,15 @@ circumvent firewalls. The following table gives an overview of the known attacks and whether the various modules are vulnerable to them. -========================= ======== ========= ========= ======== ========= -kind sax etree minidom pulldom xmlrpc -========================= ======== ========= ========= ======== ========= -billion laughs **Yes** **Yes** **Yes** **Yes** **Yes** -quadratic blowup **Yes** **Yes** **Yes** **Yes** **Yes** -external entity expansion **Yes** No (1) No (2) **Yes** No (3) -`DTD`_ retrieval **Yes** No No **Yes** No -decompression bomb No No No No **Yes** -========================= ======== ========= ========= ======== ========= +========================= ============== =============== ============== ============== ============== +kind sax etree minidom pulldom xmlrpc +========================= ============== =============== ============== ============== ============== +billion laughs **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** +quadratic blowup **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** +external entity expansion **Vulnerable** Safe (1) Safe (2) **Vulnerable** Safe (3) +`DTD`_ retrieval **Vulnerable** Safe Safe **Vulnerable** Safe +decompression bomb Safe Safe Safe Safe **Vulnerable** +========================= ============== =============== ============== ============== ============== 1. :mod:`xml.etree.ElementTree` doesn't expand external entities and raises a :exc:`ParserError` when an entity occurs. |
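Review bot: In the new table rows, "Safe" reads as an unconditional guarantee, whereas the old "No" only answered the lead-in sentence's question of whether a module is vulnerable to that one known attack; the cells "Safe (1)", "Safe (2)" and "Safe (3)" in the external entity expansion row are only as safe as their footnotes say. Consider stating in the sentence above the table that "Safe" means not affected by that specific attack, so readers do not take it as a statement about the module as a whole. Two smaller points: the etree column border is 15 characters wide while the other four are 14, which is worth making uniform, and the unchanged footnote 1 below the table refers to :exc:`ParserError`, while the exception defined by xml.etree.ElementTree is ParseError, so that could be fixed in the same pass.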