95bb7f3b78
Signed-off-by: maipbui <maibui@microsoft.com> #### Why I did it The [xml.etree.ElementTree](https://docs.python.org/3/library/xml.etree.elementtree.html#module-xml.etree.ElementTree) module is not secure against maliciously constructed data. `os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content `subprocess.getstatusoutput` is dangerous because include shell=True in the implementation #### How I did it Remove xml. Use [lxml](https://pypi.org/project/lxml/) XML parsers package that prevent potentially malicious operation. Replace `os` by `subprocess` Use command as an array instead of string Use `getstatusoutput_noshell` in `sonic_py_common` lib |
||
---|---|---|
.. | ||
cancun | ||
pddf | ||
plugins | ||
RA-B6510-32C | ||
bcm_pre.rc | ||
bcm.rc | ||
custom_led.bin | ||
default_sku | ||
dev.xml | ||
fantlv.py | ||
fru.py | ||
installer.conf | ||
led_proc_init.soc | ||
linkscan_led.bin | ||
minigraph.xml | ||
monitor.py | ||
pddf_support | ||
platform_asic | ||
pmon_daemon_control.json | ||
sensors.conf | ||
systest.py |