maci._defuse_xml_stdlib

enable defusedxml feature


Calling this function can help reduce risk when working with XML data. Under the hood, it simply points to the defusedxml function that monkey-patches the standard library XML modules.

This feature is EXPERIMENTAL according to the developers. See the links below for more information and documentation from the external package and the official Python docs supporting defusedxml.

The maci library provides this to make handling XML data more secure and to offer a simple API for enabling that support. For example, activate it by calling the function:

maci._defuse_xml_stdlib()

In this example, we simply call the _defuse_xml_stdlib function to activate the defusedxml feature.

You only need to call this once during the runtime of the program. It is best to call it at the beginning, or at least before you handle any XML data.
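
Why the call belongs at the start of the program, shown as an added example (not maci's or defusedxml's own code): a monkey patch replaces attributes on the stdlib modules, so a name that another module bound earlier keeps the unpatched function. `guarded_fromstring` is a hypothetical stand-in that simulates the patch so the sketch runs with the standard library alone, and `PROBE` is a constructed document; in a real program the swap is done by `maci._defuse_xml_stdlib()`.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Constructed probe: one harmless internal entity declaration.
PROBE = '<!DOCTYPE probe [<!ENTITY e "expanded">]><probe>&e;</probe>'


def rejects_entities(parse):
    """Return True if `parse` refuses the probe, False if it expands the entity."""
    try:
        parse(PROBE)
    except ValueError:  # defusedxml's exceptions derive from ValueError
        return True
    return False


def stdlib_rejects_entities():
    """Startup self-check: looks ET.fromstring up at call time, so a patch is seen."""
    return rejects_entities(lambda text: ET.fromstring(text))


def guarded_fromstring(text, _orig=ET.fromstring):
    """Hypothetical stand-in for a defused parser: fail on any <!ENTITY>."""
    def forbid(name, *rest):
        raise ValueError(f"entity declaration forbidden: {name}")
    checker = expat.ParserCreate()
    checker.EntityDeclHandler = forbid
    checker.Parse(text, True)
    return _orig(text)


def demo_import_order():
    """Patch the module attribute and compare it with a reference taken earlier."""
    early = ET.fromstring  # what `from xml.etree.ElementTree import fromstring` keeps
    original = ET.fromstring
    ET.fromstring = guarded_fromstring  # simulates the monkey patch
    try:
        return {
            "module_attribute": stdlib_rejects_entities(),
            "early_bound_name": rejects_entities(early),
        }
    finally:
        ET.fromstring = original  # leave the interpreter unpatched


if __name__ == "__main__":
    print("unpatched stdlib rejects entities:", stdlib_rejects_entities())
    print(demo_import_order())
```

A check like `stdlib_rejects_entities()` can run right after the defuse call at startup to confirm the patch took effect before any XML is parsed.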

The purpose of using defusedxml.defuse_stdlib is to patch or replace parts of the standard XML parsing libraries (xml.etree.ElementTree, xml.dom.minidom, xml.sax, and others) with safer implementations that guard against known XML vulnerabilities. This is particularly important for applications that need to process XML data from untrusted sources.

For more information on the provided defusedxml external package, visit:

defusedxml library
https://pypi.org/project/defusedxml

Official Python doc stating the standard library XML vulnerabilities and recommending defusedxml:
https://docs.python.org/3/library/xml.html#xml-vulnerabilities