commit | 76db176c7ee01adda0369793af2fecbd07f67d51 | [log] [tgz] |
---|---|---|
author | jskunda <jskunda@redhat.com> | Thu Sep 29 11:14:34 2022 +0000 |
committer | jskunda <jskunda@redhat.com> | Mon Oct 10 12:39:23 2022 +0000 |
tree | 4baa32d0ee092cfa83449c6e6d732e86b5346ea7 | |
parent | 4ff6f153b11575b1acad34655310b68dfc9fba93 [diff] |
Fix security vulnerabilities using Bandit Tempest was using: - python module xml.etree[1], which was vulnerable to different attacks. Instead of xml.etree.ElementTree tempest is now using defusedxml.ElementTree which is more secure. [1] https://bandit.readthedocs.io/en/1.7.0/blacklists/blacklist_calls.html B313 Change-Id: I50a8ab3c3be2decccd7480ecf00f1a3e4a75f172
diff --git a/requirements.txt b/requirements.txt
index c4c7fcc..a118856 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -21,3 +21,4 @@
 PrettyTable>=0.7.1 # BSD
 urllib3>=1.21.1 # MIT
 debtcollector>=1.2.0 # Apache-2.0
+defusedxml>=0.7.1 # PSFL
diff --git a/tempest/lib/services/object_storage/account_client.py b/tempest/lib/services/object_storage/account_client.py
index 52b2534..d7ce526 100644
--- a/tempest/lib/services/object_storage/account_client.py
+++ b/tempest/lib/services/object_storage/account_client.py
@@ -14,8 +14,8 @@
 # under the License.
 from urllib import parse as urllib
-from xml.etree import ElementTree as etree
+from defusedxml import ElementTree as etree
 from oslo_serialization import jsonutils as json
 from tempest.lib.common import rest_client
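Review bot: The swapped alias only covers the parsing entry points: `defusedxml.ElementTree` re-exports `fromstring`, `parse`, `iterparse`, `XML` and `XMLParser`, but not element constructors such as `Element` or `SubElement`, so any call site in this module that builds a tree through `etree.` would raise AttributeError after this change; the call sites are outside the hunk, so this should be confirmed for account_client.py and for container_client.py, whose next hunk makes the same import swap. It is also worth recording what the swap actually buys, because the default `fromstring` rejects entity declarations and external references but still accepts a DOCTYPE; a comment such as `# defusedxml: rejects entity expansion and external entities in XML responses` next to the import would make that intent visible to the next maintainer. If Swift responses are never expected to carry a DOCTYPE, passing `forbid_dtd=True` at the `fromstring` call site would close the remaining gap.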
diff --git a/tempest/lib/services/object_storage/container_client.py b/tempest/lib/services/object_storage/container_client.py
index 6d07ec1..ee87726 100644
--- a/tempest/lib/services/object_storage/container_client.py
+++ b/tempest/lib/services/object_storage/container_client.py
@@ -14,9 +14,9 @@
 # under the License.
 from urllib import parse as urllib
-from xml.etree import ElementTree as etree
 import debtcollector.moves
+from defusedxml import ElementTree as etree
 from oslo_serialization import jsonutils as json
 from tempest.lib.common import rest_client