Replaces Huawei driver XML with defusedxml
Replaces Huawei driver's use of Python's native XML library methods with defusedxml's methods instead. The native library is vulnerable to XML attacks while defusedxml isn't. This also makes Bandit 3 issues happier. Change-Id: I27d1204ec7dafd3b578d1261c3fd2e371ae405fb
This commit is contained in:
parent
36549c8b97
commit
cb31307adf
|
@ -14,8 +14,7 @@
|
|||
# under the License.
|
||||
|
||||
"""Huawei Nas Driver for Huawei storage arrays."""
|
||||
from xml.etree import ElementTree as ET
|
||||
|
||||
from defusedxml import ElementTree as ET
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log
|
||||
from oslo_utils import importutils
|
||||
|
|
|
@ -17,8 +17,8 @@ import base64
|
|||
import copy
|
||||
import requests
|
||||
import time
|
||||
from xml.etree import ElementTree as ET
|
||||
|
||||
from defusedxml import ElementTree as ET
|
||||
from oslo_log import log
|
||||
from oslo_serialization import jsonutils
|
||||
|
||||
|
|
|
@ -25,8 +25,8 @@ from unittest import mock
|
|||
import xml.dom.minidom
|
||||
|
||||
import ddt
|
||||
from defusedxml import ElementTree as ET
|
||||
from oslo_serialization import jsonutils
|
||||
from xml.etree import ElementTree as ET
|
||||
|
||||
from manila.common import constants as common_constants
|
||||
from manila import context
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
pbr>=5.5.0 # Apache-2.0
|
||||
|
||||
alembic>=1.4.2 # MIT
|
||||
defusedxml>=0.7.1 # PSFL
|
||||
eventlet>=0.26.1 # MIT
|
||||
greenlet>=0.4.16 # MIT
|
||||
lxml>=4.5.2 # BSD
|
||||
|
|
Loading…
Reference in New Issue