sonic-buildimage

History

Mai Bui 95bb7f3b78 [device/ragile] Mitigation for security vulnerability (#11744 ) Signed-off-by: maipbui <maibui@microsoft.com> #### Why I did it The [xml.etree.ElementTree](https://docs.python.org/3/library/xml.etree.elementtree.html#module-xml.etree.ElementTree) module is not secure against maliciously constructed data. `os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content `subprocess.getstatusoutput` is dangerous because include shell=True in the implementation #### How I did it Remove xml. Use [lxml](https://pypi.org/project/lxml/) XML parsers package that prevent potentially malicious operation. Replace `os` by `subprocess` Use command as an array instead of string Use `getstatusoutput_noshell` in `sonic_py_common` lib		2022-11-29 11:54:37 -05:00
..
__init__.py	[platform/ragile] support ra-b6910-64c (#7950 )	2021-09-09 10:49:37 -07:00
chassis.py	[device/ragile] Mitigation for security vulnerability (#11744 )	2022-11-29 11:54:37 -05:00
common.py	[device/ragile] Mitigation for security vulnerability (#11744 )	2022-11-29 11:54:37 -05:00
eeprom.py	[platform/ragile] support ra-b6910-64c (#7950 )	2021-09-09 10:49:37 -07:00
fan_drawer.py	[platform/ragile] support ra-b6910-64c (#7950 )	2021-09-09 10:49:37 -07:00
fan.py	[platform/ragile] support ra-b6910-64c (#7950 )	2021-09-09 10:49:37 -07:00
platform.py	[platform/ragile] support ra-b6910-64c (#7950 )	2021-09-09 10:49:37 -07:00
psu.py	[platform/ragile] support ra-b6910-64c (#7950 )	2021-09-09 10:49:37 -07:00
sfp.py	[platform/ragile] support ra-b6910-64c (#7950 )	2021-09-09 10:49:37 -07:00
thermal.py	[platform/ragile] support ra-b6910-64c (#7950 )	2021-09-09 10:49:37 -07:00
watchdog.py	[platform/ragile] support ra-b6910-64c (#7950 )	2021-09-09 10:49:37 -07:00