# SOME DESCRIPTIVE TITLE. # Copyright (C) 2001-2016, Python Software Foundation # This file is distributed under the same license as the Python package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: Python 3.6\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2017-08-10 00:49+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: fr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #: ../Doc/library/xml.rst:4 msgid "XML Processing Modules" msgstr "" #: ../Doc/library/xml.rst:12 msgid "**Source code:** :source:`Lib/xml/`" msgstr "" #: ../Doc/library/xml.rst:16 msgid "" "Python's interfaces for processing XML are grouped in the ``xml`` package." msgstr "" #: ../Doc/library/xml.rst:20 msgid "" "The XML modules are not secure against erroneous or maliciously constructed " "data. If you need to parse untrusted or unauthenticated data see the :ref:" "`xml-vulnerabilities` and :ref:`defused-packages` sections." msgstr "" #: ../Doc/library/xml.rst:25 msgid "" "It is important to note that modules in the :mod:`xml` package require that " "there be at least one SAX-compliant XML parser available. The Expat parser " "is included with Python, so the :mod:`xml.parsers.expat` module will always " "be available." msgstr "" #: ../Doc/library/xml.rst:30 msgid "" "The documentation for the :mod:`xml.dom` and :mod:`xml.sax` packages are the " "definition of the Python bindings for the DOM and SAX interfaces." msgstr "" #: ../Doc/library/xml.rst:33 msgid "The XML handling submodules are:" msgstr "" #: ../Doc/library/xml.rst:35 msgid "" ":mod:`xml.etree.ElementTree`: the ElementTree API, a simple and lightweight " "XML processor" msgstr "" #: ../Doc/library/xml.rst:40 msgid ":mod:`xml.dom`: the DOM API definition" msgstr "" #: ../Doc/library/xml.rst:41 msgid ":mod:`xml.dom.minidom`: a minimal DOM implementation" msgstr "" #: ../Doc/library/xml.rst:42 msgid ":mod:`xml.dom.pulldom`: support for building partial DOM trees" msgstr "" #: ../Doc/library/xml.rst:46 msgid ":mod:`xml.sax`: SAX2 base classes and convenience functions" msgstr "" #: ../Doc/library/xml.rst:47 msgid ":mod:`xml.parsers.expat`: the Expat parser binding" msgstr "" #: ../Doc/library/xml.rst:53 msgid "XML vulnerabilities" msgstr "" #: ../Doc/library/xml.rst:55 msgid "" "The XML processing modules are not secure against maliciously constructed " "data. An attacker can abuse XML features to carry out denial of service " "attacks, access local files, generate network connections to other machines, " "or circumvent firewalls." msgstr "" #: ../Doc/library/xml.rst:60 msgid "" "The following table gives an overview of the known attacks and whether the " "various modules are vulnerable to them." msgstr "" #: ../Doc/library/xml.rst:64 msgid "kind" msgstr "" #: ../Doc/library/xml.rst:64 msgid "sax" msgstr "sax" #: ../Doc/library/xml.rst:64 msgid "etree" msgstr "etree" #: ../Doc/library/xml.rst:64 msgid "minidom" msgstr "minidom" #: ../Doc/library/xml.rst:64 msgid "pulldom" msgstr "pulldom" #: ../Doc/library/xml.rst:64 msgid "xmlrpc" msgstr "xmlrpc" #: ../Doc/library/xml.rst:66 msgid "billion laughs" msgstr "" #: ../Doc/library/xml.rst:66 ../Doc/library/xml.rst:67 #: ../Doc/library/xml.rst:68 ../Doc/library/xml.rst:69 #: ../Doc/library/xml.rst:70 msgid "**Vulnerable**" msgstr "" #: ../Doc/library/xml.rst:67 msgid "quadratic blowup" msgstr "" #: ../Doc/library/xml.rst:68 ../Doc/library/xml.rst:97 msgid "external entity expansion" msgstr "" #: ../Doc/library/xml.rst:68 msgid "Safe (1)" msgstr "" #: ../Doc/library/xml.rst:68 msgid "Safe (2)" msgstr "" #: ../Doc/library/xml.rst:68 msgid "Safe (3)" msgstr "" #: ../Doc/library/xml.rst:69 ../Doc/library/xml.rst:102 msgid "`DTD`_ retrieval" msgstr "" #: ../Doc/library/xml.rst:69 ../Doc/library/xml.rst:70 msgid "Safe" msgstr "" #: ../Doc/library/xml.rst:70 ../Doc/library/xml.rst:109 msgid "decompression bomb" msgstr "" #: ../Doc/library/xml.rst:73 msgid "" ":mod:`xml.etree.ElementTree` doesn't expand external entities and raises a :" "exc:`ParserError` when an entity occurs." msgstr "" #: ../Doc/library/xml.rst:75 msgid "" ":mod:`xml.dom.minidom` doesn't expand external entities and simply returns " "the unexpanded entity verbatim." msgstr "" #: ../Doc/library/xml.rst:77 msgid ":mod:`xmlrpclib` doesn't expand external entities and omits them." msgstr "" #: ../Doc/library/xml.rst:85 msgid "billion laughs / exponential entity expansion" msgstr "" #: ../Doc/library/xml.rst:81 msgid "" "The `Billion Laughs`_ attack -- also known as exponential entity expansion " "-- uses multiple levels of nested entities. Each entity refers to another " "entity several times, and the final entity definition contains a small " "string. The exponential expansion results in several gigabytes of text and " "consumes lots of memory and CPU time." msgstr "" #: ../Doc/library/xml.rst:92 msgid "quadratic blowup entity expansion" msgstr "" #: ../Doc/library/xml.rst:88 msgid "" "A quadratic blowup attack is similar to a `Billion Laughs`_ attack; it " "abuses entity expansion, too. Instead of nested entities it repeats one " "large entity with a couple of thousand chars over and over again. The attack " "isn't as efficient as the exponential case but it avoids triggering parser " "countermeasures that forbid deeply-nested entities." msgstr "" #: ../Doc/library/xml.rst:95 msgid "" "Entity declarations can contain more than just text for replacement. They " "can also point to external resources or local files. The XML parser accesses " "the resource and embeds the content into the XML document." msgstr "" #: ../Doc/library/xml.rst:100 msgid "" "Some XML libraries like Python's :mod:`xml.dom.pulldom` retrieve document " "type definitions from remote or local locations. The feature has similar " "implications as the external entity expansion issue." msgstr "" #: ../Doc/library/xml.rst:105 msgid "" "Decompression bombs (aka `ZIP bomb`_) apply to all XML libraries that can " "parse compressed XML streams such as gzipped HTTP streams or LZMA-compressed " "files. For an attacker it can reduce the amount of transmitted data by three " "magnitudes or more." msgstr "" #: ../Doc/library/xml.rst:111 msgid "" "The documentation for `defusedxml`_ on PyPI has further information about " "all known attack vectors with examples and references." msgstr "" #: ../Doc/library/xml.rst:117 msgid "The :mod:`defusedxml` and :mod:`defusedexpat` Packages" msgstr "" #: ../Doc/library/xml.rst:119 msgid "" "`defusedxml`_ is a pure Python package with modified subclasses of all " "stdlib XML parsers that prevent any potentially malicious operation. Use of " "this package is recommended for any server code that parses untrusted XML " "data. The package also ships with example exploits and extended " "documentation on more XML exploits such as XPath injection." msgstr "" #: ../Doc/library/xml.rst:125 msgid "" "`defusedexpat`_ provides a modified libexpat and a patched :mod:`pyexpat` " "module that have countermeasures against entity expansion DoS attacks. The :" "mod:`defusedexpat` module still allows a sane and configurable amount of " "entity expansions. The modifications may be included in some future release " "of Python, but will not be included in any bugfix releases of Python because " "they break backward compatibility." msgstr ""