How to use the defusedxml.xmlrpc function in defusedxml
To help you get started, we’ve selected a few defusedxml examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
blockstack / blockstack-core / integration_tests / blockstack_integration_tests / scenarios / blockstack_client / backend / utxo / blockstack_core.py View on Github 
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Blockstack-client. If not, see .
"""
from .blockchain_client import BlockchainClient
from xmlrpclib import ServerProxy, Transport
from defusedxml import xmlrpc
import httplib
import json
# prevent the usual XML attacks
xmlrpc.monkey_patch()
class BlockstackCoreUTXOClient( BlockchainClient ):
def __init__(self, server, port):
self.type = "blockstack_utxo"
self.server = server
self.port = port
def get_unspents(self, address):
return get_unspents( address, self )
def broadcast_transaction(self, txdata ):
return broadcast_transaction( txdata, self )
# TODO: make into its own module
# https://seattle.poly.edu/browser/seattle/trunk/demokit/timeout_xmlrpclib.py?rev=692"""
# use Blockstack Labs as a storage proxy
import os
import sys
import logging
import xmlrpclib
import json
import re
import base64
from ConfigParser import SafeConfigParser
# stop common XML attacks
from defusedxml import xmlrpc
xmlrpc.monkey_patch()
from common import get_logger
SERVER_NAME = None
SERVER_PORT = None
if os.environ.get("BLOCKSTACK_TEST", None) == "1":
SERVER_NAME = "localhost"
SERVER_PORT = 16264
else:
SERVER_NAME = "node.blockstack.org"
SERVER_PORT = 6264
log = get_logger("blockstack-storage-driver-blockstack-server")
log.setLevel(logging.DEBUG)from django.urls import get_mod_func
if sys.version_info.major == 2:
# Python2.x
from xmlrpclib import Fault
else:
# Python3
from xmlrpc.client import Fault
from defusedxml import xmlrpc # noqa
# This method makes the XMLRPC parser (used by loads) safe
# from various XML based attacks
xmlrpc.monkey_patch()
# this error code is taken from xmlrpc-epi
# http://xmlrpc-epi.sourceforge.net/specs/rfc.fault_codes.php
APPLICATION_ERROR = -32500
class RPCMethod(object):
'''
A method available to be called via the rpc dispatcher
**Attributes**
``method``
The underlying Python method to call when this method is invoked
``help``import pprint
import random
import time
import copy
import blockstack_profiles
import blockstack_zones
import urllib
from xmlrpclib import ServerProxy, Transport
from defusedxml import xmlrpc
import httplib
import base64
import jsonschema
from jsonschema.exceptions import ValidationError
# prevent the usual XML attacks
xmlrpc.MAX_DATA = 10 * 1024 * 1024 # 10MB
xmlrpc.monkey_patch()
import storage
import scripts
import pybitcoin
import bitcoin
import binascii
from utilitybelt import is_hex
import config
from config import get_logger, DEBUG, MAX_RPC_LEN, find_missing, BLOCKSTACKD_SERVER, \
BLOCKSTACKD_PORT, BLOCKSTACK_METADATA_DIR, BLOCKSTACK_DEFAULT_STORAGE_DRIVERS, \
FIRST_BLOCK_MAINNET, NAME_OPCODES, OPFIELDS, CONFIG_DIR, SPV_HEADERS_PATH, BLOCKCHAIN_ID_MAGIC, \
NAME_PREORDER, NAME_REGISTRATION, NAME_UPDATE, NAME_TRANSFER, NAMESPACE_PREORDER, NAME_IMPORT, \
USER_ZONEFILE_TTL, CONFIG_PATH, url_to_host_port, LENGTH_CONSENSUS_HASH, LENGTH_VALUE_HASH, \from .util import url_to_host_port, url_protocol, parse_DID
from .config import MAX_RPC_LEN, BLOCKSTACK_TEST, BLOCKSTACK_DEBUG, RPC_SERVER_PORT, RPC_SERVER_TEST_PORT, LENGTHS, RPC_DEFAULT_TIMEOUT, BLOCKSTACK_TEST, get_blockstack_api_opts, TOKEN_TYPE_STACKS
from .schemas import *
from .scripts import is_name_valid, is_subdomain, check_name, check_subdomain
from .storage import verify_zonefile
import virtualchain
import keylib
import jsontokens
import blockstack_zones
import requests
log = virtualchain.get_logger('blockstackd-client')
# prevent the usual XML attacks
xmlrpc.MAX_DATA = MAX_RPC_LEN
xmlrpc.monkey_patch()
class TimeoutHTTPConnection(httplib.HTTPConnection):
"""
borrowed with gratitude from Justin Cappos
https://seattle.poly.edu/browser/seattle/trunk/demokit/timeout_xmlrpclib.py?rev=692
"""
def connect(self):
httplib.HTTPConnection.connect(self)
self.sock.settimeout(self.timeout)
def putheader(self, header, argument, *args, **kw):
if header.lower() == 'host':
if hasattr(self, '_sent_host') and self._sent_host:
# don't re-send
returndef dispatch(self, data, **kwargs):
"""
Extracts the xml marshaled parameters and method name and calls the
underlying method and returns either an xml marshaled response
or an XMLRPC fault
Although very similar to the superclass' _marshaled_dispatch, this
method has a different name due to the different parameters it takes
from the superclass method.
"""
try:
if sys.version_info.major == 2:
params, method = xmlrpc.xmlrpc_client.loads(data, self.use_datetime)
else:
params, method = xmlrpc.xmlrpc_client.loads(data, self.use_datetime, self.use_builtin_types)
response = self._dispatch(method, params, **kwargs)
# wrap response in a singleton tuple
response = (response,)
response = dumps(response, methodresponse=1,
allow_none=self.allow_none,
encoding=self.encoding)
except Fault as fault:
response = dumps(fault, allow_none=self.allow_none,
encoding=self.encoding)
except Exception as e:
response = dumps(
Fault(1, 'Unknown error, {}'.format(e)),
encoding=self.encoding, allow_none=self.allow_none,
)import random
import time
import copy
import blockstack_profiles
import blockstack_zones
import urllib
from xmlrpclib import ServerProxy, Transport
from defusedxml import xmlrpc
import httplib
import base64
import jsonschema
from jsonschema.exceptions import ValidationError
# prevent the usual XML attacks
xmlrpc.MAX_DATA = 10 * 1024 * 1024 # 10MB
xmlrpc.monkey_patch()
import storage
import scripts
import pybitcoin
import bitcoin
import binascii
from utilitybelt import is_hex
import config
from config import get_logger, DEBUG, MAX_RPC_LEN, find_missing, BLOCKSTACKD_SERVER, \
BLOCKSTACKD_PORT, BLOCKSTACK_METADATA_DIR, BLOCKSTACK_DEFAULT_STORAGE_DRIVERS, \
FIRST_BLOCK_MAINNET, NAME_OPCODES, OPFIELDS, CONFIG_DIR, SPV_HEADERS_PATH, BLOCKCHAIN_ID_MAGIC, \
NAME_PREORDER, NAME_REGISTRATION, NAME_UPDATE, NAME_TRANSFER, NAMESPACE_PREORDER, NAME_IMPORT, \
USER_ZONEFILE_TTL, CONFIG_PATH, url_to_host_port, LENGTH_CONSENSUS_HASH, LENGTH_VALUE_HASH, \
LENGTH_MAX_NAME, LENGTH_MAX_NAMESPACE_ID, TRANSFER_KEEP_DATA, TRANSFER_REMOVE_DATA, op_get_opcode_namedef get_method_name(self, raw_post_data, request_format='xml'):
'''
Gets the name of the method to be called given the post data
and the format of the data
'''
if request_format == 'xml':
# xmlrpclib.loads could throw an exception, but this is fine
# since _marshaled_dispatch would throw the same thing
try:
params, method = xmlrpc.xmlrpc_client.loads(raw_post_data.decode('utf-8'))
return method
except Exception:
return None
else:
try:
# attempt to do a json decode on the data
jsondict = json.loads(raw_post_data.decode('utf-8'))
if not isinstance(jsondict, dict) or 'method' not in jsondict:
return None
else:
return jsondict['method']
except ValueError:
return Nonefrom .config import MAX_RPC_LEN, BLOCKSTACK_TEST, BLOCKSTACK_DEBUG, RPC_SERVER_PORT, RPC_SERVER_TEST_PORT, LENGTHS, RPC_DEFAULT_TIMEOUT, BLOCKSTACK_TEST, get_blockstack_api_opts, TOKEN_TYPE_STACKS
from .schemas import *
from .scripts import is_name_valid, is_subdomain, check_name, check_subdomain
from .storage import verify_zonefile
import virtualchain
import keylib
import jsontokens
import blockstack_zones
import requests
log = virtualchain.get_logger('blockstackd-client')
# prevent the usual XML attacks
xmlrpc.MAX_DATA = MAX_RPC_LEN
xmlrpc.monkey_patch()
class TimeoutHTTPConnection(httplib.HTTPConnection):
"""
borrowed with gratitude from Justin Cappos
https://seattle.poly.edu/browser/seattle/trunk/demokit/timeout_xmlrpclib.py?rev=692
"""
def connect(self):
httplib.HTTPConnection.connect(self)
self.sock.settimeout(self.timeout)
def putheader(self, header, argument, *args, **kw):
if header.lower() == 'host':
if hasattr(self, '_sent_host') and self._sent_host:
# don't re-send
returndef get_method_name(self, raw_post_data, request_format='xml'):
'''
Gets the name of the method to be called given the post data
and the format of the data
'''
if request_format == 'xml':
# xmlrpclib.loads could throw an exception, but this is fine
# since _marshaled_dispatch would throw the same thing
try:
params, method = xmlrpc.xmlrpc_client.loads(raw_post_data.decode('utf-8'))
return method
except Exception:
return None
else:
try:
# attempt to do a json decode on the data
jsondict = json.loads(raw_post_data.decode('utf-8'))
if not isinstance(jsondict, dict) or 'method' not in jsondict:
return None
else:
return jsondict['method']
except ValueError:
return Nonedefusedxml
XML bomb protection for Python stdlib modules
Package Health Score
70 / 100Popular defusedxml functions
- defusedxml.cElementTree
- defusedxml.cElementTree.fromstring
- defusedxml.cElementTree.parse
- defusedxml.ElementTree
- defusedxml.ElementTree.Element
- defusedxml.ElementTree.fromstring
- defusedxml.ElementTree.parse
- defusedxml.ElementTree.ParseError
- defusedxml.ElementTree.SubElement
- defusedxml.ElementTree.tostring
- defusedxml.lxml
- defusedxml.lxml._etree
- defusedxml.lxml._etree.ElementTree
- defusedxml.lxml._etree.parse
- defusedxml.lxml.fromstring
- defusedxml.lxml.parse
- defusedxml.minidom.parse
- defusedxml.minidom.parseString
- defusedxml.pulldom.parse
- defusedxml.xmlrpc