misc: Bandit scan issue for lxml

This patch fixes Bandit scan findings B313-B320, which flag code that is vulnerable to
XML attacks when parsing untrusted XML data.

I replace lxml.etree with the equivalent defusedxml package.

I confirm it works after making a Bandit scan, building the configurator
and compiling the acrn.

Signed-off-by: dongpingx <dongpingx.wu@intel.com>
Tracked-On: #8717
dongpingx
2024-08-28 16:42:02 +08:00
committed by acrnsi-robot
parent 8c8dfdca9a
commit 6f96614e6f
16 changed files with 53 additions and 49 deletions


@@ -11,7 +11,7 @@ import acrn_config_utilities
import board_cfg_lib
import scenario_cfg_lib
import lxml
import lxml.etree
from defusedxml.lxml import parse
ERR_LIST = {}
BOOT_TYPE = ['no', 'ovmf']
@@ -673,7 +673,7 @@ def check_communication_vuart(launch_communication_vuarts, scenario_info):
return
def check_enable_ptm(launch_enable_ptm, scenario_info):
scenario_etree = lxml.etree.parse(scenario_info)
scenario_etree = parse(scenario_info)
enable_ptm_vm_list = scenario_etree.xpath("//vm[PTM = 'y']/@id")
for user_vmid, enable_ptm in launch_enable_ptm.items():
key = 'user_vm:id={},enable_ptm'.format(user_vmid)
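Review bot: `defusedxml.lxml`, imported on the new side of the first hunk and used in `check_enable_ptm`, is deprecated upstream (importing it emits a DeprecationWarning and the module is slated for removal), so this fix is likely to break on a future defusedxml release. Because `check_enable_ptm` relies on `scenario_etree.xpath(...)`, the parsed tree must remain an lxml tree, which rules out `defusedxml.ElementTree`; the durable option is to keep `lxml.etree` and parse with an explicitly hardened parser, e.g. `parser = lxml.etree.XMLParser(resolve_entities=False, no_network=True)` followed by `scenario_etree = lxml.etree.parse(scenario_info, parser)`. Bandit would still report that call under B320, so it needs a `# nosec B320` annotation with a one-line justification rather than a library swap. Dropping `import lxml` and `import lxml.etree` also removes the `lxml.etree` name from the module; if any code outside these hunks still references it (for instance an `XMLSyntaxError` handler), that now fails with a NameError and should be checked before merge. The same pattern presumably recurs in the other 15 files of this commit, so the same remarks apply there.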