Issue #18789: Update XML vulnerability table to use Safe/Vulnerable instead of No/Yes. (3.5->3.6)

This commit is contained in:
Guido van Rossum 2016-10-13 14:32:33 -07:00
commit a0ef768ddf
1 changed files with 9 additions and 9 deletions

View File

@ -60,15 +60,15 @@ circumvent firewalls.
The following table gives an overview of the known attacks and whether
the various modules are vulnerable to them.
========================= ======== ========= ========= ======== =========
kind sax etree minidom pulldom xmlrpc
========================= ======== ========= ========= ======== =========
billion laughs **Yes** **Yes** **Yes** **Yes** **Yes**
quadratic blowup **Yes** **Yes** **Yes** **Yes** **Yes**
external entity expansion **Yes** No (1) No (2) **Yes** No (3)
`DTD`_ retrieval **Yes** No No **Yes** No
decompression bomb No No No No **Yes**
========================= ======== ========= ========= ======== =========
========================= ============== =============== ============== ============== ==============
kind sax etree minidom pulldom xmlrpc
========================= ============== =============== ============== ============== ==============
billion laughs **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable**
quadratic blowup **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable**
external entity expansion **Vulnerable** Safe (1) Safe (2) **Vulnerable** Safe (3)
`DTD`_ retrieval **Vulnerable** Safe Safe **Vulnerable** Safe
decompression bomb Safe Safe Safe Safe **Vulnerable**
========================= ============== =============== ============== ============== ==============
1. :mod:`xml.etree.ElementTree` doesn't expand external entities and raises a
:exc:`ParserError` when an entity occurs.