Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Not allowing DTDs breaks the OJAudit source #1655

Closed
fniessink opened this issue Nov 9, 2020 · 0 comments · Fixed by #1657
Closed

Not allowing DTDs breaks the OJAudit source #1655

fniessink opened this issue Nov 9, 2020 · 0 comments · Fixed by #1657
Assignees
@fniessink
Labels
Bug Something isn't working

Comments

@fniessink
Copy link
Member 

Traceback (most recent call last):
  File "/home/collector/base_collectors/source_collector.py", line 142, in __safely_parse_source_responses
    measurement = await self._parse_source_responses(responses)
  File "/home/collector/source_collectors/file_source_collectors/ojaudit.py", line 27, in _parse_source_responses
    tree, namespaces = await parse_source_response_xml_with_namespace(response)
  File "/home/collector/collector_utilities/functions.py", line 27, in parse_source_response_xml_with_namespace
    tree = await parse_source_response_xml(response, allowed_root_tags)
  File "/home/collector/collector_utilities/functions.py", line 18, in parse_source_response_xml
    tree = cast(Element, ElementTree.fromstring(await response.text(), forbid_dtd=True))
  File "/usr/local/lib/python3.9/site-packages/defusedxml/common.py", line 131, in fromstring
    parser.feed(text)
  File "/usr/local/lib/python3.9/xml/etree/ElementTree.py", line 1720, in feed
    self.parser.Parse(data, False)
  File "/usr/src/python/Modules/pyexpat.c", line 671, in StartDoctypeDecl
  File "/usr/local/lib/python3.9/site-packages/defusedxml/ElementTree.py", line 108, in defused_start_doctype_decl
    raise DTDForbidden(name, sysid, pubid)
defusedxml.common.DTDForbidden: DTDForbidden(name='audit', system_id=None, public_id=None)
@fniessink fniessink added the Bug Something isn't working label Nov 9, 2020
@fniessink fniessink self-assigned this Nov 9, 2020
fniessink added a commit that referenced this issue Nov 9, 2020
@fniessink
Turn on processing of DTD's (despite the fact that security tools com…
588d08d 
…plain that this is insecure) because otherwise OJAudit reports can't be read. Fixes #1655.
@fniessink fniessink mentioned this issue Nov 9, 2020
Merged
fniessink added a commit that referenced this issue Nov 9, 2020
@fniessink
Turn on processing of DTD's (despite the fact that security tools com…
626e31a 
…plain that this is insecure) because otherwise OJAudit reports can't be read. Fixes #1655. (#1657)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fniessink fniessink

Labels
Bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Turn on processing of DTD's (despite the fact that security tools com… ICTU/quality-time
1 participant
@fniessink