matthew/sonic-buildimage
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
d504600c9f
sonic-buildimage/platform/broadcom/sonic-platform-modules-ragile
History
Mai Bui 6759ad27b5 [device/ragile] Mitigation for security vulnerability (#11744) 
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
The [xml.etree.ElementTree](https://docs.python.org/3/library/xml.etree.elementtree.html#module-xml.etree.ElementTree) module is not secure against maliciously constructed data.
`os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content
`subprocess.getstatusoutput` is dangerous because include shell=True in the implementation
#### How I did it
Remove xml. Use [lxml](https://pypi.org/project/lxml/) XML parsers package that prevent potentially malicious operation.
Replace `os` by `subprocess`
Use command as an array instead of string
Use `getstatusoutput_noshell` in `sonic_py_common` lib
2022-12-10 10:33:21 +08:00
..
common [device/ragile] Mitigation for security vulnerability (#11744) 2022-12-10 10:33:21 +08:00
debian [ragile] support 32c and 4s platform (#8824) 2021-11-17 23:49:06 -08:00
ra-b6510-32c [device/ragile] Mitigation for security vulnerability (#11744) 2022-12-10 10:33:21 +08:00
ra-b6510-48v8c [device/ragile] Mitigation for security vulnerability (#11744) 2022-12-10 10:33:21 +08:00
ra-b6910-64c [device/ragile] Mitigation for security vulnerability (#11744) 2022-12-10 10:33:21 +08:00
ra-b6920-4s [device/ragile] Mitigation for security vulnerability (#11744) 2022-12-10 10:33:21 +08:00
LICENSE [Platform/Ragile] Support RA-B6510-48v8c platform (#7620) 2021-06-03 10:51:01 -07:00