matthew/sonic-buildimage
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

[device/ruijie] Mitigation for security vulnerability #11779

Browse Source 
Signed-off-by: maipbui maibui@microsoft.com
Why I did it
The xml.etree.ElementTree module is not secure against maliciously constructed data.
How I did it
Remove xml. Use lxml XML parsers package that prevent potentially malicious operation.
This commit is contained in:
Mai Bui 2022-08-23 09:48:42 -04:00 committed by GitHub
parent fb774dd46a
commit 0f4bca426e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
device/ruijie/x86_64-ruijie_b6510-48vs8cq-r0/monitor.py
View File

@ -6,8 +6,8 @@
* PSU * PSU
""" """
import os import os
import xml.etree.ElementTree as ET
import glob import glob
from lxml import etree as ET
MAILBOX_DIR = "/sys/bus/i2c/devices/" MAILBOX_DIR = "/sys/bus/i2c/devices/"
PORTS_DIR = "/sys/class/net/" PORTS_DIR = "/sys/class/net/"