From 0f4bca426eb0356fc88dc87c355a17ef4b85dfe1 Mon Sep 17 00:00:00 2001
From: Mai Bui <maibui@microsoft.com>
Date: Tue, 23 Aug 2022 09:48:42 -0400
Subject: [PATCH] [device/ruijie] Mitigation for security vulnerability #11779

Signed-off-by: maipbui maibui@microsoft.com
Why I did it
The xml.etree.ElementTree module is not secure against maliciously constructed data.
How I did it
Remove xml. Use lxml XML parsers package that prevent potentially malicious operation.
---
 device/ruijie/x86_64-ruijie_b6510-48vs8cq-r0/monitor.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/device/ruijie/x86_64-ruijie_b6510-48vs8cq-r0/monitor.py b/device/ruijie/x86_64-ruijie_b6510-48vs8cq-r0/monitor.py
index f9cbb31be4..103a2f30ac 100755
--- a/device/ruijie/x86_64-ruijie_b6510-48vs8cq-r0/monitor.py
+++ b/device/ruijie/x86_64-ruijie_b6510-48vs8cq-r0/monitor.py
@@ -6,8 +6,8 @@
 * PSU
 """
 import os
-import xml.etree.ElementTree as ET
 import glob
+from lxml import etree as ET
 
 MAILBOX_DIR = "/sys/bus/i2c/devices/"
 PORTS_DIR = "/sys/class/net/"