From d2009ab250e583b1c3bebac47ec471dd368f613a Mon Sep 17 00:00:00 2001
From: dmiller
Date: Wed, 16 Apr 2014 20:37:52 +0000
Subject: [PATCH] Prevent zenmapCore.NmapParser from looking up remote/system XML entities
---
 zenmap/zenmapCore/NmapParser.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/zenmap/zenmapCore/NmapParser.py b/zenmap/zenmapCore/NmapParser.py
index 1f818ad9e..fef3a6ee5 100644
--- a/zenmap/zenmapCore/NmapParser.py
+++ b/zenmap/zenmapCore/NmapParser.py
@@ -131,7 +131,7 @@ import copy
 from types import StringTypes
 from xml.sax import make_parser
 from xml.sax import SAXException
-from xml.sax.handler import ContentHandler
+from xml.sax.handler import ContentHandler, EntityResolver
 from xml.sax.saxutils import XMLGenerator
 from xml.sax.xmlreader import AttributesImpl as Attributes
@@ -1349,11 +1349,21 @@ class NmapParserSAX(ParserBasics, ContentHandler):
 return self.unsaved
+class OverrideEntityResolver(EntityResolver):
+ """This class overrides the default behavior of xml.sax to download
+ remote DTDs, instead returning blank strings"""
+ empty = StringIO.StringIO()
+
+ def resolveEntity(self, publicId, systemId):
+ return OverrideEntityResolver.empty
+
+
 def nmap_parser_sax():
 parser = make_parser()
 nmap_parser = NmapParserSAX()
 parser.setContentHandler(nmap_parser)
+ parser.setEntityResolver(OverrideEntityResolver())
 nmap_parser.set_parser(parser)
 return nmap_parser
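Review bot: In `nmap_parser_sax()` the new resolver only blanks an external entity after the reader has already decided to resolve it, so the protection rests entirely on the reader calling `resolveEntity`; I would also switch the feature off with `parser.setFeature(feature_external_ges, False)` right after `make_parser()`, importing `feature_external_ges` from `xml.sax.handler` next to `EntityResolver`. `OverrideEntityResolver.empty` is a single StringIO object shared by every parser, and `return StringIO.StringIO()` in `resolveEntity` would avoid trouble if a reader ever closes the stream it is handed. The docstring says "remote DTDs" and "blank strings", while the method returns an empty file-like object for any publicId/systemId, local system entities included, so the wording should say that. Neither the resolver nor the feature flag limits expansion of entities declared inside the document itself, which seems worth a comment so the class is not read as a complete XML hardening measure.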