Detect malformed or potentially malicious XML files
(location: ScanLocation)
| 84 | |
| 85 | @Analyzer.ID("xml") |
| 86 | def analyze(location: ScanLocation): |
| 87 | """ |
| 88 | Detect malformed or potentially malicious XML files |
| 89 | """ |
| 90 | if location.str_location.endswith(".xml"): |
| 91 | pass |
| 92 | elif location.metadata["mime"] not in ALLOWED_MIMES: |
| 93 | return |
| 94 | |
| 95 | # Parsing will stop at the first error so we can't set `True` to all the options as it will shadow the problem |
| 96 | # We want to catch also combinations of problems so enumerate each option |
| 97 | yield from scan(location, forbid_dtd=True, forbid_entities=False, forbid_external=False) |
| 98 | yield from scan(location, forbid_dtd=False, forbid_entities=True, forbid_external=False) |
| 99 | yield from scan(location, forbid_dtd=False, forbid_entities=False, forbid_external=True) |
| 100 |