x
/
python-scciclient
Code Issues Proposed changes
Browse Source

Use defusedxml instead of standard xml 

Because XML handling modules in xml Python standard library
are vulnerable[1], we should use defusedxml[2] for parsing XML.

[1] https://docs.python.org/3/library/xml.html#xml-vulnerabilities
[2] https://pypi.org/project/defusedxml/

Change-Id: I8ff057ee64c04c4cd5c92abf3e31b52c6225ed76
changes/29/823029/5
vanou 5 months ago
parent
8bf25f738d
commit
8e527de430
3 changed files with 5 additions and 5 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      requirements.txt
  2. 4
      scciclient/irmc/scci.py
  3. 5
      scciclient/tests/irmc/test_scci.py

1
requirements.txt
Unescape View File

@ -6,6 +6,7 @@ Babel!=2.4.0,>=2.3.4 # BSD
pyghmi>=1.0.24 # Apache-2.0
pysnmp>=4.2.3 # BSD
requests>=2.14.2 # Apache-2.0
defusedxml>=0.7.0 # PSF
six>=1.10.0 # MIT
oslo.utils>=3.33.0 # Apache-2.0
oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0

4
scciclient/irmc/scci.py
Unescape View File

@ -18,8 +18,8 @@ SCCI functionalities shared between different iRMC modules.
import functools
import time
import xml.etree.ElementTree as ET
import defusedxml.ElementTree as ET
import requests
import six
@ -487,7 +487,6 @@ def get_sensor_data_records(report):
"""
sensor = report.find("./System/SensorDataRecords")
# ET.dump(sensor[0])
return sensor
@ -500,7 +499,6 @@ def get_irmc_version(report):
"""
version = report.find("./System/ManagementControllers/iRMC")
# ET.dump(version[0])
return version

5
scciclient/tests/irmc/test_scci.py
Unescape View File

@ -19,6 +19,7 @@ import os
import time
import xml.etree.ElementTree as ET
import defusedxml.ElementTree as dET
import mock
from requests_mock.contrib import fixture as rm_fixture
import six
@ -49,13 +50,13 @@ class SCCITestCase(testtools.TestCase):
os.path.dirname(__file__),
'fixtures/irmc_report_ok.xml'), "r") as report_ok:
self.report_ok_txt = report_ok.read()
self.report_ok_xml = ET.fromstring(self.report_ok_txt)
self.report_ok_xml = dET.fromstring(self.report_ok_txt)
with open(os.path.join(
os.path.dirname(__file__),
'fixtures/irmc_report_ng.xml'), "r") as report_ng:
self.report_ng_txt = report_ng.read()
self.report_ng_xml = ET.fromstring(self.report_ng_txt)
self.report_ng_xml = dET.fromstring(self.report_ng_txt)
self.irmc_address = '10.124.196.159'
self.irmc_username = 'admin'

Write Preview
Loading…
Cancel
Save