
Numerous security issues. #4

@d1b

Hi, there are several security issues in the code found in this repository.

The first is that

```python
file = open(os.path.join(self.dir,name), 'wb')
```

is vulnerable to path traversal. It needs to filter out path traversal characters (e.g. take the basename of a given file) or generate its own filename(s) or consume the xml without writing it to the file system to fix this issue.

Another issue that seemingly exists is XXE (https://en.wikipedia.org/wiki/XML_external_entity_attack) when parsing dmarc xml reports. This appears to be in https://github.com/thinkingserious/sendgrid-python-dmarc-parser/blob/master/dmarc_parser/parse_dmarc.py#L26 and can be fixed by making use of https://pypi.org/project/defusedxml/.
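The two fixes the report asks for, written out as an added example (this is not code from the repository or from the reporter): the report name is reduced to its basename and the resolved path is checked to remain under the target directory, and the aggregate report is parsed with `defusedxml` instead of the stock parser. The function names, the `base_dir` layout and the embedded sample report are constructed for illustration.

```python
import os
from typing import Dict

# defusedxml is the parser the issue recommends: it refuses DTDs, entity
# expansion and external entity resolution. The stdlib fallback exists only
# so this example imports without the package; it is NOT a substitute.
try:
    from defusedxml import ElementTree as SafeET  # pip install defusedxml
except ImportError:
    import xml.etree.ElementTree as SafeET


def safe_report_path(base_dir: str, name: str) -> str:
    """Return a write path under base_dir for an untrusted report name.

    Replaces the unchecked os.path.join(self.dir, name): only the basename
    of the supplied name is used, empty/dot names are rejected, and the
    resolved path is verified to stay inside base_dir.
    """
    # Treat both separators as directory boundaries before taking the leaf.
    leaf = os.path.basename(name.replace("\\", "/"))
    if not leaf or leaf in (".", "..") or leaf.startswith("."):
        raise ValueError(f"unsafe report name: {name!r}")
    root = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(root, leaf))
    # Defence in depth: even after basename(), confirm containment.
    if os.path.commonpath([root, target]) != root:
        raise ValueError(f"report name escapes {base_dir!r}: {name!r}")
    return target


def parse_dmarc_report(xml_bytes: bytes) -> Dict[str, str]:
    """Extract report metadata from a DMARC aggregate report (no entity use)."""
    root = SafeET.fromstring(xml_bytes)
    meta = root.find("report_metadata")
    if meta is None:
        raise ValueError("not a DMARC aggregate report: report_metadata missing")
    return {
        "org_name": meta.findtext("org_name", default=""),
        "report_id": meta.findtext("report_id", default=""),
        "domain": root.findtext("policy_published/domain", default=""),
    }


# Constructed minimal aggregate report used as sample input.
SAMPLE_REPORT = b"""<?xml version="1.0"?>
<feedback>
  <report_metadata><org_name>example.org</org_name><report_id>1234</report_id></report_metadata>
  <policy_published><domain>example.com</domain></policy_published>
</feedback>"""
```

With `defusedxml` installed, a report carrying a DOCTYPE or entity declaration makes `parse_dmarc_report` raise instead of being expanded.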
