SAAS-1132: Improve safety of XML parsing for listener stats

2015-11-09 19:32:56 -05:00 · 2015-11-09 19:32:56 -05:00 · bb05fa996a
commit bb05fa996a
parent c85944785b
2 changed files with 5 additions and 4 deletions
--- a/python_apps/pypo/pypo/listenerstat.py
+++ b/python_apps/pypo/pypo/listenerstat.py
@ -1,6 +1,6 @@
 from threading import Thread
 import urllib2
-import xml.dom.minidom
+import defusedxml.minidom
 import base64
 from datetime import datetime
 import traceback
@ -64,7 +64,7 @@ class ListenerStat(Thread):
        else:
            url = 'http://%(host)s:%(port)s/admin/stats.xml' % ip
            document = self.get_stream_server_xml(ip, url)
-        dom = xml.dom.minidom.parseString(document)
+        dom = defusedxml.minidom.parseString(document)
        sources = dom.getElementsByTagName("source")

        mount_stats = None
@ -87,7 +87,7 @@ class ListenerStat(Thread):
    def get_shoutcast_stats(self, ip):
        url = 'http://%(host)s:%(port)s/admin.cgi?sid=1&mode=viewxml' % ip
        document = self.get_stream_server_xml(ip, url, is_shoutcast=True)
-        dom = xml.dom.minidom.parseString(document)
+        dom = defusedxml.parseString(document)
        current_listeners = dom.getElementsByTagName("CURRENTLISTENERS")

        timestamp = datetime.utcnow().strftime("%Y-%m-%d %H:%M:%S")
--- a/python_apps/pypo/setup.py
+++ b/python_apps/pypo/setup.py
@ -58,7 +58,8 @@ setup(name='airtime-playout',
          'pyinotify',
          'pytz',
          'requests',
-          'wsgiref'
+          'wsgiref',
+          'defusedxml'
      ],
      zip_safe=False,
      data_files=data_files)