Use defusedxml instead of standard xml
Because the XML handling modules in the xml package of the Python standard library are vulnerable[1], we should use defusedxml[2] for parsing XML. [1] https://docs.python.org/3/library/xml.html#xml-vulnerabilities [2] https://pypi.org/project/defusedxml/ Change-Id: I8ff057ee64c04c4cd5c92abf3e31b52c6225ed76
parent
8bf25f738d
commit
8e527de430
|
@ -6,6 +6,7 @@ Babel!=2.4.0,>=2.3.4 # BSD
|
||||||
pyghmi>=1.0.24 # Apache-2.0
|
pyghmi>=1.0.24 # Apache-2.0
|
||||||
pysnmp>=4.2.3 # BSD
|
pysnmp>=4.2.3 # BSD
|
||||||
requests>=2.14.2 # Apache-2.0
|
requests>=2.14.2 # Apache-2.0
|
||||||
|
defusedxml>=0.7.0 # PSF
|
||||||
six>=1.10.0 # MIT
|
six>=1.10.0 # MIT
|
||||||
oslo.utils>=3.33.0 # Apache-2.0
|
oslo.utils>=3.33.0 # Apache-2.0
|
||||||
oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
|
oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
|
||||||
|
|
|
@ -18,8 +18,8 @@ SCCI functionalities shared between different iRMC modules.
|
||||||
|
|
||||||
import functools
|
import functools
|
||||||
import time
|
import time
|
||||||
import xml.etree.ElementTree as ET
|
|
||||||
|
|
||||||
|
import defusedxml.ElementTree as ET
|
||||||
import requests
|
import requests
|
||||||
import six
|
import six
|
||||||
|
|
||||||
|
@ -487,7 +487,6 @@ def get_sensor_data_records(report):
|
||||||
"""
|
"""
|
||||||
|
|
||||||
sensor = report.find("./System/SensorDataRecords")
|
sensor = report.find("./System/SensorDataRecords")
|
||||||
# ET.dump(sensor[0])
|
|
||||||
return sensor
|
return sensor
|
||||||
|
|
||||||
|
|
||||||
|
@ -500,7 +499,6 @@ def get_irmc_version(report):
|
||||||
"""
|
"""
|
||||||
|
|
||||||
version = report.find("./System/ManagementControllers/iRMC")
|
version = report.find("./System/ManagementControllers/iRMC")
|
||||||
# ET.dump(version[0])
|
|
||||||
return version
|
return version
|
||||||
|
|
||||||
|
|
||||||
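Review bot: The swap to `import defusedxml.ElementTree as ET` changes which exceptions parsing can raise, and nothing visible in this file section accounts for that. defusedxml rejects documents carrying entity declarations or external references by raising subclasses of `defusedxml.DefusedXmlException`, which derives from `ValueError` rather than `ET.ParseError`. Any existing `except ET.ParseError` handler around `ET.fromstring(...)` (outside these hunks, if present) would therefore let a rejected report propagate as an unhandled error instead of the module's own error type. Consider widening such handlers to `except (ET.ParseError, defusedxml.DefusedXmlException) as err:` with `import defusedxml` added. Separately, `defusedxml.ElementTree` exposes only the parsing entry points, so any remaining `ET.Element`, `ET.SubElement` or `ET.dump` use elsewhere in the module would now fail with `AttributeError`; the rest of the file is not visible here and should be checked.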
|
|
|
@ -19,6 +19,7 @@ import os
|
||||||
import time
|
import time
|
||||||
import xml.etree.ElementTree as ET
|
import xml.etree.ElementTree as ET
|
||||||
|
|
||||||
|
import defusedxml.ElementTree as dET
|
||||||
import mock
|
import mock
|
||||||
from requests_mock.contrib import fixture as rm_fixture
|
from requests_mock.contrib import fixture as rm_fixture
|
||||||
import six
|
import six
|
||||||
|
@ -49,13 +50,13 @@ class SCCITestCase(testtools.TestCase):
|
||||||
os.path.dirname(__file__),
|
os.path.dirname(__file__),
|
||||||
'fixtures/irmc_report_ok.xml'), "r") as report_ok:
|
'fixtures/irmc_report_ok.xml'), "r") as report_ok:
|
||||||
self.report_ok_txt = report_ok.read()
|
self.report_ok_txt = report_ok.read()
|
||||||
self.report_ok_xml = ET.fromstring(self.report_ok_txt)
|
self.report_ok_xml = dET.fromstring(self.report_ok_txt)
|
||||||
|
|
||||||
with open(os.path.join(
|
with open(os.path.join(
|
||||||
os.path.dirname(__file__),
|
os.path.dirname(__file__),
|
||||||
'fixtures/irmc_report_ng.xml'), "r") as report_ng:
|
'fixtures/irmc_report_ng.xml'), "r") as report_ng:
|
||||||
self.report_ng_txt = report_ng.read()
|
self.report_ng_txt = report_ng.read()
|
||||||
self.report_ng_xml = ET.fromstring(self.report_ng_txt)
|
self.report_ng_xml = dET.fromstring(self.report_ng_txt)
|
||||||
|
|
||||||
self.irmc_address = '10.124.196.159'
|
self.irmc_address = '10.124.196.159'
|
||||||
self.irmc_username = 'admin'
|
self.irmc_username = 'admin'
|
||||||
|
|
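Review bot: The test changes only re-parse the two benign fixtures with `dET.fromstring`, so nothing pins the security property this commit is meant to add. A small regression test would do it: feed a constructed document containing an internal entity declaration to the parser and assert the rejection, e.g. `self.assertRaises(defusedxml.EntitiesForbidden, dET.fromstring, xml_with_entity)`. That would catch a later revert to the stdlib parser in the module under test. Keeping both `ET` (stdlib) and `dET` in this file is presumably needed for building elements, but a one-line comment such as `# stdlib ET is used only to construct elements; parse with dET` would make the split intentional. The enclosing method of the changed lines begins and ends outside the hunk.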