Switch to defusedxml for xml parsing
xml.etree.ElementTree.fromstring is considered insecure, see: https://docs.python.org/3/library/xml.etree.elementtree.html

The defusedxml package contains several Python-only workarounds and fixes for denial of service and other vulnerabilities in Python's XML libraries: https://github.com/tiran/defusedxml

Fixes #670
parent
f7e3650728
commit
2a0ad8796c
|
@ -1,6 +1,6 @@
|
||||||
from app.models.config import Config
|
from app.models.config import Config
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
import xml.etree.ElementTree as ET
|
from defusedxml import ElementTree as ET
|
||||||
import random
|
import random
|
||||||
import requests
|
import requests
|
||||||
from requests import Response, ConnectionError
|
from requests import Response, ConnectionError
|
||||||
|
|
|
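Review bot: Error handling around the parser calls probably needs to follow the import swap to `from defusedxml import ElementTree as ET`; those call sites are outside this hunk, so this is inferred rather than seen. By default defusedxml rejects entity declarations and external references by raising its own exceptions derived from `defusedxml.DefusedXmlException`, which is a `ValueError` and not `ET.ParseError`. An existing `except ET.ParseError:` around `ET.fromstring(...)` would therefore let a rejected document from an untrusted response propagate as an unhandled error; consider `except (ET.ParseError, DefusedXmlException):` with a matching `from defusedxml import DefusedXmlException`. The defusedxml module also exposes only the parsing entry points, so if the file builds trees with `ET.Element` or `ET.SubElement`, the stdlib module would have to stay imported under a second name for those.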
@ -6,6 +6,7 @@ cffi==1.15.0
|
||||||
chardet==3.0.4
|
chardet==3.0.4
|
||||||
click==8.0.3
|
click==8.0.3
|
||||||
cryptography==3.3.2
|
cryptography==3.3.2
|
||||||
|
defusedxml==0.7.1
|
||||||
Flask==1.1.1
|
Flask==1.1.1
|
||||||
Flask-Session==0.4.0
|
Flask-Session==0.4.0
|
||||||
idna==2.9
|
idna==2.9
|
||||||
|
|