github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-09-13 04:50:07 +00:00
Code Issues Projects Releases Wiki Activity

config-tools: replace xml.etree.ElementTree with defusedxml.ElementTree

Browse Source 
Using xml.etree.ElementTree to parse the untrusted data is known to
raise security issue. Replaced it using defusedxml.

Tracked-On: #6342
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
This commit is contained in:
Yang,Yu-chu
2021-07-29 14:02:50 -07:00
committed by wenlingz
parent c10ac227cc
commit 668ae81048
4 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
misc/config_tools/config_app/requirements
View File

@@ -2,3 +2,4 @@ Flask==1.1.1
flask_bootstrap==3.3.7.1
xmlschema==1.4.1
lxml==4.6.2
defusedxml==0.7.1

2
misc/config_tools/library/common.py
View File

@@ -8,7 +8,7 @@ import sys
import getopt
import shutil
import subprocess # nosec
import xml.etree.ElementTree as ET
import defusedxml.ElementTree as ET
import re
import lxml