matthew/sonic-buildimage
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
dd88006589
sonic-buildimage/platform
History
Mai Bui 6759ad27b5 [device/ragile] Mitigation for security vulnerability (#11744) 
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
The [xml.etree.ElementTree](https://docs.python.org/3/library/xml.etree.elementtree.html#module-xml.etree.ElementTree) module is not secure against maliciously constructed data.
`os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content
`subprocess.getstatusoutput` is dangerous because include shell=True in the implementation
#### How I did it
Remove xml. Use [lxml](https://pypi.org/project/lxml/) XML parsers package that prevent potentially malicious operation.
Replace `os` by `subprocess`
Use command as an array instead of string
Use `getstatusoutput_noshell` in `sonic_py_common` lib
2022-12-10 10:33:21 +08:00
..
barefoot [Arista] Update platform library submodules (#12736) 2022-12-10 10:33:21 +08:00
broadcom [device/ragile] Mitigation for security vulnerability (#11744) 2022-12-10 10:33:21 +08:00
cavium Parallel building of sonic dockers using native dockerd(dood). (#10352) 2022-04-28 08:39:37 +08:00
centec Update Linux kernel from 5.10.103 to 5.10.140 (#12660) 2022-11-14 16:33:34 -08:00
centec-arm64 [centec][arm64] fix tsingma bsp compile error (#12774) (#12944) 2022-12-05 22:03:13 +08:00
checkout Platform/cisco-8000 module for sonic-buildimage (#8172) 2021-08-06 09:11:54 +08:00
components [gbsyncd] Enable debug shell for BRCM broncos PHY (#12622) 2022-11-08 17:58:25 -08:00
generic [dockers] Rename 'docker-snmp-sv2' to 'docker-snmp' (#4699) 2020-06-11 16:04:23 -07:00
innovium Revert "Support for serdes platform library debian installation for Innovium SONiC image (#11920)" (#12227) 2022-09-29 17:12:20 -07:00
marvell [bcm sai] upgrade Broadcom SAI to 7.1.0.0-5 (#11236) 2022-06-23 15:34:51 -07:00
marvell-arm64 Support symcrypt fips config for aboot/uboot (#10729) 2022-06-02 15:35:17 +08:00
marvell-armhf [Marvell] Move armhf syncd docker to bullseye. (#12585) 2022-11-17 22:17:37 +08:00
mellanox [Mellanox] Add support to Mellanox Spectrum-4 ASIC Firmware compiling and upgrade (#12844) 2022-12-10 10:33:21 +08:00
nephos Parallel building of sonic dockers using native dockerd(dood). (#10352) 2022-04-28 08:39:37 +08:00
p4 Parallel building of sonic dockers using native dockerd(dood). (#10352) 2022-04-28 08:39:37 +08:00
pddf Adding support for get/set low power mode for QSFPs in PDDF common APIs (#11786) 2022-09-09 14:33:12 -07:00
template Mount directory warmboot in docker gbsyncd (#11852) 2022-08-26 22:00:45 +08:00
vs [SAI PTF] SAI PTF docker support sai-ptf v2 (#12719) 2022-11-17 04:42:51 -08:00