sonic-buildimage/device/ragile/x86_64-ragile_ra-b6910-64c-r0/plugins
Mai Bui 95bb7f3b78
[device/ragile] Mitigation for security vulnerability (#11744)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
The [xml.etree.ElementTree](https://docs.python.org/3/library/xml.etree.elementtree.html#module-xml.etree.ElementTree) module is not secure against maliciously constructed data.
`os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content
`subprocess.getstatusoutput` is dangerous because include shell=True in the implementation
#### How I did it
Remove xml. Use [lxml](https://pypi.org/project/lxml/) XML parsers package that prevent potentially malicious operation.
Replace `os` by `subprocess`
Use command as an array instead of string
Use `getstatusoutput_noshell` in `sonic_py_common` lib
2022-11-29 11:54:37 -05:00
..
eeprom.py [platform/ragile] support ra-b6910-64c (#7950) 2021-09-09 10:49:37 -07:00
fanutil.py [device/ragile] Mitigation for security vulnerability (#11744) 2022-11-29 11:54:37 -05:00
ledutil.py [platform/ragile] support ra-b6910-64c (#7950) 2021-09-09 10:49:37 -07:00
psuutil.py [platform/ragile] support ra-b6910-64c (#7950) 2021-09-09 10:49:37 -07:00
sfputil.py [platform/ragile] support ra-b6910-64c (#7950) 2021-09-09 10:49:37 -07:00
sysstatutil.py [platform/ragile] support ra-b6910-64c (#7950) 2021-09-09 10:49:37 -07:00
thermalutil.py [platform/ragile] support ra-b6910-64c (#7950) 2021-09-09 10:49:37 -07:00