Use defusedxml instead of standard xml
Because XML handling modules in xml Python standard library are vulnerable[1], we should use defusedxml[2] for parsing XML. [1] https://docs.python.org/3/library/xml.html#xml-vulnerabilities [2] https://pypi.org/project/defusedxml/ Conflicts: scciclient/tests/irmc/test_scci.py Change-Id: I8ff057ee64c04c4cd5c92abf3e31b52c6225ed76 (cherry picked from commit8e527de430
) (cherry picked from commit3488869d99
) (cherry picked from commit677eb05cb3
)
This commit is contained in:
parent
9debe94866
commit
7f1176810c
|
@ -6,6 +6,7 @@ Babel!=2.4.0,>=2.3.4 # BSD
|
|||
pyghmi>=1.0.24 # Apache-2.0
|
||||
pysnmp>=4.2.3 # BSD
|
||||
requests>=2.14.2 # Apache-2.0
|
||||
defusedxml>=0.7.0 # PSF
|
||||
six>=1.10.0 # MIT
|
||||
oslo.utils!=3.39.1,!=3.40.0,!=3.40.1,>=3.33.0 # Apache-2.0
|
||||
oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
|
||||
|
|
|
@ -18,8 +18,8 @@ SCCI functionalities shared between different iRMC modules.
|
|||
|
||||
import functools
|
||||
import time
|
||||
import xml.etree.ElementTree as ET
|
||||
|
||||
import defusedxml.ElementTree as ET
|
||||
import requests
|
||||
import six
|
||||
|
||||
|
@ -487,7 +487,6 @@ def get_sensor_data_records(report):
|
|||
"""
|
||||
|
||||
sensor = report.find("./System/SensorDataRecords")
|
||||
# ET.dump(sensor[0])
|
||||
return sensor
|
||||
|
||||
|
||||
|
@ -500,7 +499,6 @@ def get_irmc_version(report):
|
|||
"""
|
||||
|
||||
version = report.find("./System/ManagementControllers/iRMC")
|
||||
# ET.dump(version[0])
|
||||
return version
|
||||
|
||||
|
||||
|
|
|
@ -20,6 +20,7 @@ import sys
|
|||
import time
|
||||
import xml.etree.ElementTree as ET
|
||||
|
||||
import defusedxml.ElementTree as dET
|
||||
from requests_mock.contrib import fixture as rm_fixture
|
||||
import six
|
||||
import six.moves.builtins as __builtin__
|
||||
|
@ -54,13 +55,13 @@ class SCCITestCase(testtools.TestCase):
|
|||
os.path.dirname(__file__),
|
||||
'fixtures/irmc_report_ok.xml'), "r") as report_ok:
|
||||
self.report_ok_txt = report_ok.read()
|
||||
self.report_ok_xml = ET.fromstring(self.report_ok_txt)
|
||||
self.report_ok_xml = dET.fromstring(self.report_ok_txt)
|
||||
|
||||
with open(os.path.join(
|
||||
os.path.dirname(__file__),
|
||||
'fixtures/irmc_report_ng.xml'), "r") as report_ng:
|
||||
self.report_ng_txt = report_ng.read()
|
||||
self.report_ng_xml = ET.fromstring(self.report_ng_txt)
|
||||
self.report_ng_xml = dET.fromstring(self.report_ng_txt)
|
||||
|
||||
self.irmc_address = '10.124.196.159'
|
||||
self.irmc_username = 'admin'
|
||||
|
|
Loading…
Reference in New Issue