Use defusedxml instead of standard xml

Because the XML handling modules in Python's standard-library xml package
are vulnerable[1], we should use defusedxml[2] for parsing XML.

[1] https://docs.python.org/3/library/xml.html#xml-vulnerabilities
[2] https://pypi.org/project/defusedxml/

Change-Id: I8ff057ee64c04c4cd5c92abf3e31b52c6225ed76
(cherry picked from commit 8e527de430)
(cherry picked from commit 3488869d99)
vanou
2021-12-28 10:16:00 +09:00
committed by Vanou Ishii
parent 16455daeb1
commit 677eb05cb3
3 changed files with 5 additions and 5 deletions


@@ -6,6 +6,7 @@ Babel!=2.4.0,>=2.3.4 # BSD
pyghmi>=1.0.24 # Apache-2.0 pyghmi>=1.0.24 # Apache-2.0
pysnmp>=4.2.3 # BSD pysnmp>=4.2.3 # BSD
requests>=2.14.2 # Apache-2.0 requests>=2.14.2 # Apache-2.0
defusedxml>=0.7.0 # PSF
six>=1.10.0 # MIT six>=1.10.0 # MIT
oslo.utils!=3.39.1,!=3.40.0,!=3.40.1,>=3.33.0;python_version>='3.0' # Apache-2.0 oslo.utils!=3.39.1,!=3.40.0,!=3.40.1,>=3.33.0;python_version>='3.0' # Apache-2.0
oslo.serialization!=2.19.1,>=2.18;python_version>='3.0' # Apache-2.0 oslo.serialization!=2.19.1,>=2.18;python_version>='3.0' # Apache-2.0


@@ -18,8 +18,8 @@ SCCI functionalities shared between different iRMC modules.
import functools import functools
import time import time
import xml.etree.ElementTree as ET
import defusedxml.ElementTree as ET
import requests import requests
import six import six
@@ -487,7 +487,6 @@ def get_sensor_data_records(report):
""" """
sensor = report.find("./System/SensorDataRecords") sensor = report.find("./System/SensorDataRecords")
# ET.dump(sensor[0])
return sensor return sensor
@@ -500,7 +499,6 @@ def get_irmc_version(report):
""" """
version = report.find("./System/ManagementControllers/iRMC") version = report.find("./System/ManagementControllers/iRMC")
# ET.dump(version[0])
return version return version
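Review bot: Rebinding the `ET` alias to `defusedxml.ElementTree` at the import means every `ET.` reference elsewhere in this module now resolves against a module that only re-exports the parsing entry points (`parse`, `fromstring`, `iterparse`, `XML`, `XMLParser`, `ParseError`, `tostring`); helpers such as `ET.Element`, `ET.SubElement` or the `ET.dump` this hunk deletes as comments are not provided and would raise `AttributeError` at call time if used outside the hunk. Note also that defusedxml rejects entity declarations and external references by raising `defusedxml.DefusedXmlException`, a `ValueError` subclass that is not an `ET.ParseError`, so an existing `except ET.ParseError` around parsing of iRMC responses, if there is one, would no longer catch a rejected document. I would either keep `import xml.etree.ElementTree` under a second name for any tree-building use, or at least document the constraint at the import with `# defusedxml.ElementTree only wraps parse/fromstring/iterparse/XML; tree-building helpers are not re-exported`. The functions `get_sensor_data_records` and `get_irmc_version` start outside their hunks, so the callers' error handling cannot be confirmed from here.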


@@ -19,6 +19,7 @@ import os
import time import time
import xml.etree.ElementTree as ET import xml.etree.ElementTree as ET
import defusedxml.ElementTree as dET
import mock import mock
from requests_mock.contrib import fixture as rm_fixture from requests_mock.contrib import fixture as rm_fixture
import six import six
@@ -49,13 +50,13 @@ class SCCITestCase(testtools.TestCase):
os.path.dirname(__file__), os.path.dirname(__file__),
'fixtures/irmc_report_ok.xml'), "r") as report_ok: 'fixtures/irmc_report_ok.xml'), "r") as report_ok:
self.report_ok_txt = report_ok.read() self.report_ok_txt = report_ok.read()
self.report_ok_xml = ET.fromstring(self.report_ok_txt) self.report_ok_xml = dET.fromstring(self.report_ok_txt)
with open(os.path.join( with open(os.path.join(
os.path.dirname(__file__), os.path.dirname(__file__),
'fixtures/irmc_report_ng.xml'), "r") as report_ng: 'fixtures/irmc_report_ng.xml'), "r") as report_ng:
self.report_ng_txt = report_ng.read() self.report_ng_txt = report_ng.read()
self.report_ng_xml = ET.fromstring(self.report_ng_txt) self.report_ng_xml = dET.fromstring(self.report_ng_txt)
self.irmc_address = '10.124.196.159' self.irmc_address = '10.124.196.159'
self.irmc_username = 'admin' self.irmc_username = 'admin'