Disable external file access by default

Author: mwilliamson

NEWS

@@ -4,7 +4,8 @@
 
 * Fix conversion of unmerged table cells.
 
-* Support disabling external file accesses using the external_file_access argument.
+* Disable external file accesses by default. External file access can be enabled
+  using the external_file_access argument.
 
 * Handle numbering levels defined without an index.
 

README.md

@@ -291,9 +291,9 @@ Converts the source document to HTML.
   pass `include_default_style_map=False`.
 
 * Source documents may reference files outside of the source document.
-  To disable access to any such external files during the conversion process,
-  pass `external_file_access=False`.
-  This is highly recommended when converting untrusted user input.
+  Access to any such external files is disabled by default.
+  To enable access when converting trusted source documents,
+  pass `external_file_access=True`.
 
 * `convert_image`: by default, images are converted to `<img>` elements with the source included inline in the `src` attribute.
   Set this argument to an [image converter](#image-converters) to override the default behaviour.
@@ -420,8 +420,9 @@ For instance:
   and embed the HTML into your website,
   this may allow arbitrary files on the server to be read and exfiltrated.
 
-  To disable access to any such external files during the conversion process,
-  pass `external_file_access=False`.
+  To avoid this issue, access to any such external files is disabled by default.
+  To enable access when converting trusted source documents,
+  pass `external_file_access=True`.
 
 ### Document transforms
 

mammoth/__init__.py

@@ -34,7 +34,7 @@ def convert(
         kwargs["embedded_style_map"] = read_style_map(fileobj)
 
     if external_file_access is _undefined:
-        external_file_access = True
+        external_file_access = False
 
     return options.read_options(kwargs).bind(lambda convert_options:
         docx.read(fileobj, external_file_access=external_file_access).map(transform_document).bind(lambda document:

tests/mammoth_tests.py

@@ -110,40 +110,40 @@ def test_inline_images_referenced_by_path_relative_to_base_are_included_in_outpu
         assert_equal([], result.messages)
 
 
-def test_images_stored_outside_of_document_are_included_in_output():
+def test_when_external_file_access_is_enabled_images_stored_outside_of_document_are_included_in_output():
     with open(generate_test_path("external-picture.docx"), "rb") as fileobj:
-        result = mammoth.convert_to_html(fileobj=fileobj)
+        result = mammoth.convert_to_html(fileobj=fileobj, external_file_access=True)
         assert_equal("""<p><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAIAAAACUFjqAAAAAXNSR0IArs4c6QAAAAlwSFlzAAAOvgAADr4B6kKxwAAAABNJREFUKFNj/M+ADzDhlWUYqdIAQSwBE8U+X40AAAAASUVORK5CYII=" /></p>""", result.value)
         assert_equal([], result.messages)
 
 
-def test_warn_if_images_stored_outside_of_document_are_specified_when_passing_fileobj_without_name():
+def test_when_external_file_access_is_enabled_warn_if_images_stored_outside_of_document_are_specified_when_passing_fileobj_without_name():
     fileobj = io.BytesIO()
     with open(generate_test_path("external-picture.docx"), "rb") as source_fileobj:
         shutil.copyfileobj(source_fileobj, fileobj)
 
-    result = mammoth.convert_to_html(fileobj=fileobj)
+    result = mammoth.convert_to_html(fileobj=fileobj, external_file_access=True)
     assert_equal("", result.value)
     assert_equal([results.warning("could not find external image 'tiny-picture.png', fileobj has no name")], result.messages)
 
 
-def test_warn_if_images_stored_outside_of_document_are_specified_when_external_file_access_is_disabled():
+def test_given_external_file_access_is_disabled_by_default_then_warn_if_images_stored_outside_of_document_are_specified():
     with open(generate_test_path("external-picture.docx"), "rb") as fileobj:
-        result = mammoth.convert_to_html(fileobj=fileobj, external_file_access=False)
+        result = mammoth.convert_to_html(fileobj=fileobj)
 
     assert_equal("", result.value)
     assert_equal([results.warning("could not open external image 'tiny-picture.png', external file access is disabled")], result.messages)
 
 
-def test_warn_if_images_stored_outside_of_document_are_not_found():
+def test_when_external_file_access_is_enabled_warn_if_images_stored_outside_of_document_are_not_found():
     with tempman.create_temp_dir() as temp_dir:
         document_path = os.path.join(temp_dir.path, "document.docx")
         with open(document_path, "wb") as fileobj:
             with open(generate_test_path("external-picture.docx"), "rb") as source_fileobj:
                 shutil.copyfileobj(source_fileobj, fileobj)
 
         with open(document_path, "rb") as fileobj:
-            result = mammoth.convert_to_html(fileobj=fileobj)
+            result = mammoth.convert_to_html(fileobj=fileobj, external_file_access=True)
             assert_equal("", result.value)
             expected_warning = "could not open external image: 'tiny-picture.png'"
             assert_equal("warning", result.messages[0].type)