From f9bc022c96dd73f5d5551777c19536db2464f06a Mon Sep 17 00:00:00 2001
From: jvoisin <julien.voisin@dustri.org>
Date: Sun, 8 Jul 2018 17:07:26 +0200
Subject: [PATCH] Add defusedxml as an (optional) way to prevent XML-based
 attacks

Those attacks are DoS-only.
---
 libmat2/office.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libmat2/office.py b/libmat2/office.py
index 14621d4..0d0c795 100644
--- a/libmat2/office.py
+++ b/libmat2/office.py
@@ -4,8 +4,11 @@ import shutil
 import tempfile
 import datetime
 import zipfile
-import xml.etree.ElementTree as ET
 from typing import Dict, Set, Pattern
+try:  # protect against DoS
+    from defusedxml import ElementTree as ET
+except ImportError:
+    import xml.etree.ElementTree as ET
 
 
 from . import abstract, parser_factory
-- 
GitLab