
Commit 56d0feb

authored
Replaced xml.etree with defusedxml.ElementTree (#25)
* Corrected deepsource configuration for tests
* Replaced xml.etree with defusedxml.ElementTree for security reasons

Closed (BAN-B314) Use of an insecure method from `xml.etree.ElementTree` detected #20
Closed (BAN-B405) Import of method(s) from `xml.etree` detected #21
1 parent f2153ac commit 56d0feb


3 files changed

+8
-4
lines changed


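--- a/.deepsource.toml
+++ b/.deepsource.toml
@@ -1,6 +1,6 @@
 version = 1
 
-test_patterns = ["tests/*.py"]
+test_patterns = ["tests/**"]
 
 [[analyzers]]
 name = "python"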

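--- a/setup.py
+++ b/setup.py
@@ -10,6 +10,7 @@
 from os.path import dirname
 from os.path import join
 from os.path import splitext
+import os
 
 from setuptools import find_packages
 from setuptools import setup
@@ -35,9 +36,10 @@ def read(*names, **kwargs):
 author='ZigRazor',
 author_email='[email protected]',
 url='https://github.com/ZigRazor/PyStateMachine',
-packages=find_packages('src'),
-package_dir={'': 'src'},
+packages=[],
+package_dir={"" : "src"},
 py_modules=[splitext(basename(path))[0] for path in glob('src/*.py')],
+data_files=[('schema/',['schema/StateMachine.xsd'])],
 include_package_data=True,
 zip_safe=False,
 classifiers=[
@@ -70,9 +72,11 @@ def read(*names, **kwargs):
 ],
 python_requires='>=3',
 install_requires=[
+'defusedxml>=0.7.1',
 # eg: 'aspectlib==1.1.1', 'six>=1.7',
 ],
 extras_require={
+'defusedxml': ['defusedxml>=0.7.1'],
 # eg:
 # 'rst': ['docutils>=0.11'],
 # ':python_version=="2.6"': ['argparse'],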
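Review bot: `defusedxml>=0.7.1` is declared twice, once in `install_requires` and again as a `'defusedxml'` extra in `extras_require`; the extra is redundant and suggests the hardened parser is optional, while src/ReadStateMachine.py in this same commit imports it unconditionally. I would drop the line `'defusedxml': ['defusedxml>=0.7.1'],` and keep only the hard requirement. Separately, the added `import os` has no use in the visible hunks, and `data_files=[('schema/',['schema/StateMachine.xsd'])]` installs the XSD relative to the install prefix, so it is worth confirming that whatever loads the schema looks for it there. The setup() call starts and ends outside these hunks.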

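--- a/src/ReadStateMachine.py
+++ b/src/ReadStateMachine.py
@@ -4,7 +4,7 @@
 from Action import Action
 from Event import Event
 from State import State
-import xml.etree.ElementTree as ET
+import defusedxml.ElementTree as ET
 
 
 def ReadStateMachineFile(xml_file : str):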
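Review bot: The new `import defusedxml.ElementTree as ET` changes which exceptions parsing can raise, and nothing in the hunk documents or handles that. defusedxml refuses entity declarations and external references with `EntitiesForbidden` / `ExternalReferenceForbidden` (subclasses of `defusedxml.DefusedXmlException`), which an existing `except ET.ParseError` would not catch. `defusedxml.ElementTree` also exposes only the parsing entry points (`parse`, `fromstring`, `iterparse`, `XMLParser`, `tostring`), so any `ET.Element` or `ET.SubElement` use elsewhere in the file would fail; the body of ReadStateMachineFile lies outside the hunk, so this needs checking. I would add a comment above the import, `# defusedxml instead of xml.etree: entity declarations and external references in the input are rejected`, and a test asserting that a state-machine file containing an entity declaration is refused.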
