Use defusedxml instead of standard xml
Because the XML handling modules in the Python standard library's xml package are vulnerable[1], we should use defusedxml[2] for parsing XML. [1] https://docs.python.org/3/library/xml.html#xml-vulnerabilities [2] https://pypi.org/project/defusedxml/ Change-Id: I8ff057ee64c04c4cd5c92abf3e31b52c6225ed76
parent
8bf25f738d
commit
8e527de430
|
@ -6,6 +6,7 @@ Babel!=2.4.0,>=2.3.4 # BSD
|
|||
pyghmi>=1.0.24 # Apache-2.0
|
||||
pysnmp>=4.2.3 # BSD
|
||||
requests>=2.14.2 # Apache-2.0
|
||||
defusedxml>=0.7.0 # PSF
|
||||
six>=1.10.0 # MIT
|
||||
oslo.utils>=3.33.0 # Apache-2.0
|
||||
oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
|
||||
|
|
|
@ -18,8 +18,8 @@ SCCI functionalities shared between different iRMC modules.
|
|||
|
||||
import functools
|
||||
import time
|
||||
import xml.etree.ElementTree as ET
|
||||
|
||||
import defusedxml.ElementTree as ET
|
||||
import requests
|
||||
import six
|
||||
|
||||
|
@ -487,7 +487,6 @@ def get_sensor_data_records(report):
|
|||
"""
|
||||
|
||||
sensor = report.find("./System/SensorDataRecords")
|
||||
# ET.dump(sensor[0])
|
||||
return sensor
|
||||
|
||||
|
||||
|
@ -500,7 +499,6 @@ def get_irmc_version(report):
|
|||
"""
|
||||
|
||||
version = report.find("./System/ManagementControllers/iRMC")
|
||||
# ET.dump(version[0])
|
||||
return version
|
||||
|
||||
|
||||
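Review bot: Rebinding the alias `ET` to `defusedxml.ElementTree` in the import hunk changes which exceptions this module's parse calls can raise. Besides `ParseError`, defusedxml rejects entity declarations and external references with `EntitiesForbidden` and `ExternalReferenceForbidden`, which derive from `defusedxml.DefusedXmlException` (a `ValueError`), not from `ParseError`. Any handler outside these hunks that catches only `ET.ParseError` would let those escape untranslated; the parse call sites are not visible here, so this needs checking, and the handler could become `except (ET.ParseError, defusedxml.DefusedXmlException) as err:`. Separately, `defusedxml.ElementTree` exposes only the parsing entry points, so any remaining builder-style use of `ET` (`ET.Element`, `ET.dump`) elsewhere in the file would now raise `AttributeError`. A distinct alias, as the test file does with `dET`, would make the split explicit.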
|
|
|
@ -19,6 +19,7 @@ import os
|
|||
import time
|
||||
import xml.etree.ElementTree as ET
|
||||
|
||||
import defusedxml.ElementTree as dET
|
||||
import mock
|
||||
from requests_mock.contrib import fixture as rm_fixture
|
||||
import six
|
||||
|
@ -49,13 +50,13 @@ class SCCITestCase(testtools.TestCase):
|
|||
os.path.dirname(__file__),
|
||||
'fixtures/irmc_report_ok.xml'), "r") as report_ok:
|
||||
self.report_ok_txt = report_ok.read()
|
||||
self.report_ok_xml = ET.fromstring(self.report_ok_txt)
|
||||
self.report_ok_xml = dET.fromstring(self.report_ok_txt)
|
||||
|
||||
with open(os.path.join(
|
||||
os.path.dirname(__file__),
|
||||
'fixtures/irmc_report_ng.xml'), "r") as report_ng:
|
||||
self.report_ng_txt = report_ng.read()
|
||||
self.report_ng_xml = ET.fromstring(self.report_ng_txt)
|
||||
self.report_ng_xml = dET.fromstring(self.report_ng_txt)
|
||||
|
||||
self.irmc_address = '10.124.196.159'
|
||||
self.irmc_username = 'admin'
|
||||
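Review bot: The fixture-loading code only swaps the parser for the two well-formed reports, so nothing in this hunk tests the hardening the commit introduces. A test that feeds a small constructed report containing a `<!DOCTYPE ...>` entity declaration through the SCCI parsing path and asserts it is rejected would pin the behaviour and catch a later revert to `xml.etree`. The stdlib `ET` import is kept next to `dET`; if that is because the tests still build elements with it, a comment such as `# ET: constructing elements in tests; dET: parsing, as production code does` would say so. The enclosing method starts outside the hunk, so other uses of `ET` in the file are not visible here.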
|
|