forked from AFPy/python-docs-fr
260 lines
7.4 KiB
Plaintext
260 lines
7.4 KiB
Plaintext
# SOME DESCRIPTIVE TITLE.
|
|
# Copyright (C) 2001-2016, Python Software Foundation
|
|
# This file is distributed under the same license as the Python package.
|
|
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
|
|
#
|
|
#, fuzzy
|
|
msgid ""
|
|
msgstr ""
|
|
"Project-Id-Version: Python 3.6\n"
|
|
"Report-Msgid-Bugs-To: \n"
|
|
"POT-Creation-Date: 2017-04-02 22:11+0200\n"
|
|
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
|
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
|
"Language-Team: LANGUAGE <LL@li.org>\n"
|
|
"Language: fr\n"
|
|
"MIME-Version: 1.0\n"
|
|
"Content-Type: text/plain; charset=UTF-8\n"
|
|
"Content-Transfer-Encoding: 8bit\n"
|
|
|
|
#: ../Doc/library/xml.rst:4
|
|
msgid "XML Processing Modules"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:12
|
|
msgid "**Source code:** :source:`Lib/xml/`"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:16
|
|
msgid ""
|
|
"Python's interfaces for processing XML are grouped in the ``xml`` package."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:20
|
|
msgid ""
|
|
"The XML modules are not secure against erroneous or maliciously constructed "
|
|
"data. If you need to parse untrusted or unauthenticated data see the :ref:"
|
|
"`xml-vulnerabilities` and :ref:`defused-packages` sections."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:25
|
|
msgid ""
|
|
"It is important to note that modules in the :mod:`xml` package require that "
|
|
"there be at least one SAX-compliant XML parser available. The Expat parser "
|
|
"is included with Python, so the :mod:`xml.parsers.expat` module will always "
|
|
"be available."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:30
|
|
msgid ""
|
|
"The documentation for the :mod:`xml.dom` and :mod:`xml.sax` packages are the "
|
|
"definition of the Python bindings for the DOM and SAX interfaces."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:33
|
|
msgid "The XML handling submodules are:"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:35
|
|
msgid ""
|
|
":mod:`xml.etree.ElementTree`: the ElementTree API, a simple and lightweight "
|
|
"XML processor"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:40
|
|
msgid ":mod:`xml.dom`: the DOM API definition"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:41
|
|
msgid ":mod:`xml.dom.minidom`: a minimal DOM implementation"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:42
|
|
msgid ":mod:`xml.dom.pulldom`: support for building partial DOM trees"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:46
|
|
msgid ":mod:`xml.sax`: SAX2 base classes and convenience functions"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:47
|
|
msgid ":mod:`xml.parsers.expat`: the Expat parser binding"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:53
|
|
msgid "XML vulnerabilities"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:55
|
|
msgid ""
|
|
"The XML processing modules are not secure against maliciously constructed "
|
|
"data. An attacker can abuse XML features to carry out denial of service "
|
|
"attacks, access local files, generate network connections to other machines, "
|
|
"or circumvent firewalls."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:60
|
|
msgid ""
|
|
"The following table gives an overview of the known attacks and whether the "
|
|
"various modules are vulnerable to them."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:64
|
|
msgid "kind"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:64
|
|
msgid "sax"
|
|
msgstr "sax"
|
|
|
|
#: ../Doc/library/xml.rst:64
|
|
msgid "etree"
|
|
msgstr "etree"
|
|
|
|
#: ../Doc/library/xml.rst:64
|
|
msgid "minidom"
|
|
msgstr "minidom"
|
|
|
|
#: ../Doc/library/xml.rst:64
|
|
msgid "pulldom"
|
|
msgstr "pulldom"
|
|
|
|
#: ../Doc/library/xml.rst:64
|
|
msgid "xmlrpc"
|
|
msgstr "xmlrpc"
|
|
|
|
#: ../Doc/library/xml.rst:66
|
|
msgid "billion laughs"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:66 ../Doc/library/xml.rst:67
|
|
#: ../Doc/library/xml.rst:68 ../Doc/library/xml.rst:69
|
|
#: ../Doc/library/xml.rst:70
|
|
msgid "**Vulnerable**"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:67
|
|
msgid "quadratic blowup"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:68 ../Doc/library/xml.rst:97
|
|
msgid "external entity expansion"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:68
|
|
msgid "Safe (1)"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:68
|
|
msgid "Safe (2)"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:68
|
|
msgid "Safe (3)"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:69 ../Doc/library/xml.rst:102
|
|
msgid "`DTD`_ retrieval"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:69 ../Doc/library/xml.rst:70
|
|
msgid "Safe"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:70 ../Doc/library/xml.rst:109
|
|
msgid "decompression bomb"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:73
|
|
msgid ""
|
|
":mod:`xml.etree.ElementTree` doesn't expand external entities and raises a :"
|
|
"exc:`ParserError` when an entity occurs."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:75
|
|
msgid ""
|
|
":mod:`xml.dom.minidom` doesn't expand external entities and simply returns "
|
|
"the unexpanded entity verbatim."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:77
|
|
msgid ":mod:`xmlrpclib` doesn't expand external entities and omits them."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:85
|
|
msgid "billion laughs / exponential entity expansion"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:81
|
|
msgid ""
|
|
"The `Billion Laughs`_ attack -- also known as exponential entity expansion "
|
|
"-- uses multiple levels of nested entities. Each entity refers to another "
|
|
"entity several times, and the final entity definition contains a small "
|
|
"string. The exponential expansion results in several gigabytes of text and "
|
|
"consumes lots of memory and CPU time."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:92
|
|
msgid "quadratic blowup entity expansion"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:88
|
|
msgid ""
|
|
"A quadratic blowup attack is similar to a `Billion Laughs`_ attack; it "
|
|
"abuses entity expansion, too. Instead of nested entities it repeats one "
|
|
"large entity with a couple of thousand chars over and over again. The attack "
|
|
"isn't as efficient as the exponential case but it avoids triggering parser "
|
|
"countermeasures that forbid deeply-nested entities."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:95
|
|
msgid ""
|
|
"Entity declarations can contain more than just text for replacement. They "
|
|
"can also point to external resources or local files. The XML parser accesses "
|
|
"the resource and embeds the content into the XML document."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:100
|
|
msgid ""
|
|
"Some XML libraries like Python's :mod:`xml.dom.pulldom` retrieve document "
|
|
"type definitions from remote or local locations. The feature has similar "
|
|
"implications as the external entity expansion issue."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:105
|
|
msgid ""
|
|
"Decompression bombs (aka `ZIP bomb`_) apply to all XML libraries that can "
|
|
"parse compressed XML streams such as gzipped HTTP streams or LZMA-compressed "
|
|
"files. For an attacker it can reduce the amount of transmitted data by three "
|
|
"magnitudes or more."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:111
|
|
msgid ""
|
|
"The documentation for `defusedxml`_ on PyPI has further information about "
|
|
"all known attack vectors with examples and references."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:117
|
|
msgid "The :mod:`defusedxml` and :mod:`defusedexpat` Packages"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:119
|
|
msgid ""
|
|
"`defusedxml`_ is a pure Python package with modified subclasses of all "
|
|
"stdlib XML parsers that prevent any potentially malicious operation. Use of "
|
|
"this package is recommended for any server code that parses untrusted XML "
|
|
"data. The package also ships with example exploits and extended "
|
|
"documentation on more XML exploits such as XPath injection."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/xml.rst:125
|
|
msgid ""
|
|
"`defusedexpat`_ provides a modified libexpat and a patched :mod:`pyexpat` "
|
|
"module that have countermeasures against entity expansion DoS attacks. The :"
|
|
"mod:`defusedexpat` module still allows a sane and configurable amount of "
|
|
"entity expansions. The modifications may be included in some future release "
|
|
"of Python, but will not be included in any bugfix releases of Python because "
|
|
"they break backward compatibility."
|
|
msgstr ""
|