Switch to defusedxml for xml parsing
xml.etree.ElementTree.fromstring is considered insecure, see: https://docs.python.org/3/library/xml.etree.elementtree.html

The defusedxml package contains several Python-only workarounds and fixes for denial of service and other vulnerabilities in Python's XML libraries: https://github.com/tiran/defusedxml

Fixes #670
parent
f7e3650728
commit
2a0ad8796c
|
@ -1,6 +1,6 @@
|
|||
from app.models.config import Config
|
||||
from datetime import datetime
|
||||
import xml.etree.ElementTree as ET
|
||||
from defusedxml import ElementTree as ET
|
||||
import random
|
||||
import requests
|
||||
from requests import Response, ConnectionError
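Review bot: The `ET` alias on the new import line is not a drop-in replacement for `xml.etree.ElementTree`, because `defusedxml.ElementTree` exposes the parsing entry points (`fromstring`, `parse`, `iterparse`, `XMLParser`, `ParseError`) but not `Element` or `SubElement`. Any `ET.Element` or `ET.SubElement` use or annotation further down the file, which is outside this hunk, would raise `AttributeError`. Input that declares entities is now rejected with `defusedxml.EntitiesForbidden`, a `DefusedXmlException` deriving from `ValueError`, rather than `ET.ParseError`. If the parse of the remote response is wrapped in `except ET.ParseError:`, that handler would not catch the new rejection. I would add `from defusedxml import DefusedXmlException` and widen the handler to `except (ET.ParseError, DefusedXmlException):` so a hostile document is handled like any other malformed response.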
|
||||
|
|
|
@ -6,6 +6,7 @@ cffi==1.15.0
|
|||
chardet==3.0.4
|
||||
click==8.0.3
|
||||
cryptography==3.3.2
|
||||
defusedxml==0.7.1
|
||||
Flask==1.1.1
|
||||
Flask-Session==0.4.0
|
||||
idna==2.9
|
||||
|
|