Merge pull request #40 from CybOXProject/cdata_commas

Wrap , entities with CDATA

Author: gtback

cybox/test/common/properties_test.py

@@ -25,6 +25,16 @@ def test_string(self):
         self.assertTrue(s.datatype, "String")
         self.assertTrue(s.value, "test_string")
 
+    def test_string_with_comma(self):
+        s = String("test_string,")
+        s2 = cybox.test.round_trip(s)
+        self.assertEqual(s, s2)
+
+    def test_list_of_strings_with_comma(self):
+        s = String([u"string,1", u"string,1", u"string,3"])
+        s2 = cybox.test.round_trip(s)
+        self.assertEqual(s, s2)
+
     def test_integer(self):
         i = Integer(42)
         self.assertTrue(i.datatype, "Integer")

cybox/test/utils_test.py

@@ -111,7 +111,8 @@ def test_encode_decode_lists(self):
         c = ["A long", "long", "time ago"]
         d = "A long,long,time ago"
 
-        self.assertEqual(cybox.utils.normalize_to_xml(a), b)
+        self.assertEqual(cybox.utils.normalize_to_xml(a),
+                         cybox.utils.wrap_cdata(b))
         self.assertEqual(cybox.utils.normalize_to_xml(c), d)
         self.assertEqual(cybox.utils.denormalize_from_xml(a), c)
         self.assertEqual(cybox.utils.denormalize_from_xml(b), a)
@@ -122,7 +123,8 @@ def test_email_address(self):
         self._test_escape_unescape(escaped, unescaped)
 
     def test_subject(self):
-        escaped = "Oh, the perils of <script> & <frame>"
+        escaped = cybox.utils.wrap_cdata(
+                "Oh, the perils of <script> & <frame>")
         unescaped = "Oh, the perils of <script> & <frame>"
         self._test_escape_unescape(escaped, unescaped)
 

cybox/utils/__init__.py

@@ -19,19 +19,45 @@ def get_class_for_object_type(object_type):
 
 
 def denormalize_from_xml(value):
+    # This is probably not necessary since the parser will have removed
+    # the CDATA already.
+    value = unwrap_cdata(value)
+
     if ',' in value:
-        return [xml.sax.saxutils.unescape(x, UNESCAPE_DICT).strip()
-                for x in value.split(',')]
+        return [unescape(x).strip() for x in value.split(',')]
     else:
-        return xml.sax.saxutils.unescape(unicode(value), UNESCAPE_DICT)
+        return unescape(value)
 
 
 def normalize_to_xml(value):
     if isinstance(value, list):
-        return ",".join([xml.sax.saxutils.escape(x, ESCAPE_DICT)
-                         for x in value])
+        value = ",".join([escape(x) for x in value])
+    else:
+        value = escape(unicode(value))
+
+    if ',' in value:
+        value = wrap_cdata(value)
+    return value
+
+
+def escape(value):
+    return xml.sax.saxutils.escape(value, ESCAPE_DICT)
+
+
+def unescape(value):
+    return xml.sax.saxutils.unescape(value, UNESCAPE_DICT)
+
+
+def wrap_cdata(value):
+    return "<![CDATA[" + value + "]]>"
+
+
+def unwrap_cdata(value):
+    """Remove CDATA wrapping from `value` if present"""
+    if value.startswith("<![CDATA[") and value.endswith("]]>"):
+        return value[9:-3]
     else:
-        return xml.sax.saxutils.escape(unicode(value), ESCAPE_DICT)
+        return value
 
 
 def test_value(value):