From a63af721420be4eef9fff7d715d17fb25838e9df Mon Sep 17 00:00:00 2001
From: Mai Bui
Date: Tue, 23 Aug 2022 09:48:42 -0400
Subject: [PATCH] [device/ruijie] Mitigation for security vulnerability #11779

Signed-off-by: maipbui maibui@microsoft.com
Why I did it
The xml.etree.ElementTree module is not secure against maliciously constructed data.
How I did it
Remove xml. Use lxml XML parsers package that prevent potentially malicious operation.
---
 device/ruijie/x86_64-ruijie_b6510-48vs8cq-r0/monitor.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/device/ruijie/x86_64-ruijie_b6510-48vs8cq-r0/monitor.py b/device/ruijie/x86_64-ruijie_b6510-48vs8cq-r0/monitor.py
index f9cbb31be4..103a2f30ac 100755
--- a/device/ruijie/x86_64-ruijie_b6510-48vs8cq-r0/monitor.py
+++ b/device/ruijie/x86_64-ruijie_b6510-48vs8cq-r0/monitor.py
@@ -6,8 +6,8 @@
 * PSU
 """
 import os
-import xml.etree.ElementTree as ET
 import glob
+from lxml import etree as ET

 MAILBOX_DIR = "/sys/bus/i2c/devices/"
 PORTS_DIR = "/sys/class/net/"
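Review bot: Swapping the alias on the `from lxml import etree as ET` line does not by itself harden parsing, because lxml's default `XMLParser` can still resolve entities declared in a document's DTD (depending on the lxml version), so the call sites simply inherit the library defaults. The parse calls are outside this hunk; each should pass an explicit parser, e.g. `parser = ET.XMLParser(resolve_entities=False, no_network=True)` and `ET.parse(path, parser=parser)`. lxml also keeps comments and processing instructions in the tree where the stdlib parser drops them, so any loop over child elements elsewhere in monitor.py should be checked, or the parser built with `remove_comments=True`. A short comment above the import saying why lxml is used, and that it has to be installed on the target image, would help, since it is a third-party package.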