Use defusedxml for xml parsing instead of etree

Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
nextcloud · Apr 27, 2022 · 7073746 · 7073746
1 parent 6eff01d
commit 7073746
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 3 deletions.
diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
@@ -40,6 +40,9 @@ jobs:
                 with:
                     distribution: "temurin"
                     java-version: 11
+            -   name: Install dependencies
+                run: |
+                    python3 -m pip install defusedxml
             -   name: Run analysis wrapper
                 run: |
                     mkdir -p $HOME/.gradle

diff --git a/.gitignore b/.gitignore
@@ -50,4 +50,7 @@ fastlane/Fastfile
 **/fastlane/test_output
 /fastlane/vendor/
 /.bundle/
-/fastlane/.bundle/
+/fastlane/.bundle
+
+# python
+**/__pycache__/
diff --git a/scripts/analysis/spotbugsComparison.py b/scripts/analysis/spotbugsComparison.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 import argparse
-import xml.etree.ElementTree as ET
+import defusedxml.ElementTree as ET
 import spotbugsSummary
 
 

diff --git a/scripts/analysis/spotbugsSummary.py b/scripts/analysis/spotbugsSummary.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 import argparse
-import xml.etree.ElementTree as ET
+import defusedxml.ElementTree as ET
 
 
 def get_counts(tree):