The Billion Laughs DoS attack seems preventable by simply stopping entities in XML files from being expanded. Is there a way to do this in Python's xlrd library (i.e. a flag of some sort)? If not, is there a recommended way to avoid the attack?
How to prevent "billion laughs" DoS attack in Python's xlrd?
2.6k views Asked by Cisplatin At
There are 1 answers
Not with xlrd by itself
There is no option in xlrd at this time for preventing any sort of XML bomb. In the source code, the xlsx data is passed to Python's built-in xml.etree for parsing without any validation:
However, it may be possible to patch ElementTree using defusedxml
As noted in the comments, defusedxml is a package targeted directly at the problem of security against different types of XML bombs. From the docs:
It also provides the functionality of patching the standard library. Since that is what xlrd is using, you are able to use the combination of xlrd and defusedxml to read Excel files while protecting yourself from XML bombs.
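A standard-library pre-check that applies the same idea before a workbook ever reaches xlrd, added here as an example and not code from the answer, xlrd or defusedxml: it opens the .xlsx as a zip archive and refuses any XML part that declares a DTD or an entity. The names `check_xml_part`, `scan_xlsx` and `make_sample`, the size limit and the sample bytes are assumptions made for this illustration.

```python
import io
import zipfile
from xml.parsers import expat

class EntityDeclared(ValueError):
    """A workbook part carries a DTD or an entity declaration."""

def check_xml_part(data, forbid_dtd=True):
    """Parse one XML part, aborting before any entity can be expanded."""
    def on_doctype(name, sysid, pubid, has_internal_subset):
        if forbid_dtd:
            raise EntityDeclared("DOCTYPE %r" % name)

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        raise EntityDeclared("ENTITY %r" % name)

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.Parse(data, True)  # malformed XML raises expat.ExpatError

def scan_xlsx(blob, forbid_dtd=True, max_part_bytes=50 * 1024 * 1024):
    """Check every XML part of an .xlsx (a zip archive); return names checked."""
    checked = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith((".xml", ".rels")):
                continue
            if info.file_size > max_part_bytes:  # declared uncompressed size
                raise ValueError("part too large: %s" % info.filename)
            check_xml_part(zf.read(info), forbid_dtd)
            checked.append(info.filename)
    return checked

def make_sample(part_xml):
    """Constructed test input: a zip holding a single workbook part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/workbook.xml", part_xml)
    return buf.getvalue()

# Constructed samples: one plain part, one declaring a single harmless entity.
BENIGN = b'<?xml version="1.0"?><workbook><sheets/></workbook>'
DECLARES_ENTITY = (b'<?xml version="1.0"?><!DOCTYPE workbook '
                   b'[<!ENTITY a "x">]><workbook>&a;</workbook>')

if __name__ == "__main__":
    print(scan_xlsx(make_sample(BENIGN)))
    try:
        scan_xlsx(make_sample(DECLARES_ENTITY))
    except EntityDeclared as exc:
        print("rejected:", exc)
```

Run `scan_xlsx` on the uploaded bytes first and hand them to `xlrd.open_workbook(file_contents=blob)` only if it returns without raising.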