This patch is to fix Bandit scan issue b313-b320 which is vulnerable to
XML attacks when parsing untrusted XML data.
I replace lxml.etree with the equivalent defusedxml package.
I confirm it works after making a Bandit scan, building the configurator
and compiling the acrn.
Signed-off-by: dongpingx <dongpingx.wu@intel.com>
Tracked-On: #8717
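
The class of input that makes Bandit flag XML parsing of untrusted data, and the kind of check a hardened parser applies, shown as an added example that is not code from this patch, from ACRN, or from defusedxml. It uses only the Python standard library; `safe_fromstring`, `ForbiddenXML`, `check` and the sample documents are hypothetical names and constructed inputs.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """Raised when a document uses a construct we refuse to process."""


def _forbid(kind):
    # Build an expat callback that aborts parsing as soon as it fires.
    def handler(*_args):
        raise ForbiddenXML(f"{kind} is not allowed in untrusted XML")
    return handler


def safe_fromstring(data: bytes, forbid_dtd: bool = False) -> ET.Element:
    """Pre-scan data with expat, then build the tree with ElementTree."""
    scanner = expat.ParserCreate()
    if forbid_dtd:
        scanner.StartDoctypeDeclHandler = _forbid("DOCTYPE declaration")
    # Entity declarations are rejected when declared, before any expansion.
    scanner.EntityDeclHandler = _forbid("entity declaration")
    scanner.UnparsedEntityDeclHandler = _forbid("unparsed entity declaration")
    scanner.ExternalEntityRefHandler = _forbid("external entity reference")
    scanner.Parse(data, True)  # a handler's exception propagates from here
    return ET.fromstring(data)


def check(data: bytes, **kwargs) -> str:
    """Return 'ok' or the rejection reason, for logging or tests."""
    try:
        safe_fromstring(data, **kwargs)
        return "ok"
    except ForbiddenXML as exc:
        return str(exc)


# Constructed sample inputs (not taken from the ACRN tree).
BENIGN = b"<acrn-config><vm id='0'><name>VM0</name></vm></acrn-config>"
ENTITY_DOC = (b'<?xml version="1.0"?><!DOCTYPE d ['
              b'<!ENTITY a "aaaa"><!ENTITY b "&a;&a;&a;">]><d>&b;</d>')
DTD_ONLY = b'<?xml version="1.0"?><!DOCTYPE d><d/>'

if __name__ == "__main__":
    for name, doc in [("benign", BENIGN), ("entities", ENTITY_DOC),
                      ("dtd only", DTD_ONLY)]:
        print(f"{name:9s} default={check(doc)!r} "
              f"strict={check(doc, forbid_dtd=True)!r}")
```
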
There is an increasing demand for composing different operations around XML
schemas and/or data in different ways for different purposes. Today we
already have:
- Validate XML data, which takes XML schemas and data (board and
scenario) as inputs.
- Fill in missing nodes in XML data with default values, which takes XML
schema and data (scenario only) as inputs.
In the near future we'll extend the operations around XMLs by introducing
XML schema preprocessing and XML data upgrading, adding more possibilities
to construct a larger operation by composing smaller ones.
To minimize code repetition and ease composition, this patch
introduces an infrastructure that abstracts each operation as a pipeline
stage. Each stage defines its own inputs and outputs and can be composed
sequentially as a larger, single operation.
The existing operations listed above, along with XML file loaders, are then
refactored to provide pipeline stages. The main methods are also refined to
complete their tasks by constructing and invoking pipelines.
Tracked-On: #6690
Signed-off-by: Junjie Mao <junjie.mao@intel.com>