From cc6ceb45548e874e5d549bc61a8dea49685d7c27 Mon Sep 17 00:00:00 2001
From: Ashwin Das <ashwindasr@gmail.com>
Date: Mon, 3 Apr 2023 16:04:13 -0400
Subject: [PATCH] fix snyk errors

---
 doozerlib/constants.py | 2 +-
 doozerlib/dblib.py     | 6 +++---
 doozerlib/metadata.py  | 2 +-
 requirements.txt       | 1 +
 4 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/doozerlib/constants.py b/doozerlib/constants.py
index 8997974b9..f764fb974 100644
--- a/doozerlib/constants.py
+++ b/doozerlib/constants.py
@@ -15,7 +15,7 @@
 DB_HOST = "DOOZER_DB_HOST"
 DB_PORT = "DOOZER_DB_PORT"
 DB_USER = "DOOZER_DB_USER"
-DB_PWD = "DOOZER_DB_PASSWORD"
+DB_PWD_NAME = "DOOZER_DB_PASSWORD"
 DB_NAME = "DOOZER_DB_NAME"
 
 # default db parameters
diff --git a/doozerlib/dblib.py b/doozerlib/dblib.py
index d4670a891..bbca71bd4 100644
--- a/doozerlib/dblib.py
+++ b/doozerlib/dblib.py
@@ -52,7 +52,7 @@ def wrapper(*args, **kwargs):
                         db.connection = mysql_connector.connect(
                             host=os.getenv(constants.DB_HOST, constants.default_db_params[constants.DB_HOST]),
                             user=os.getenv(constants.DB_USER),
-                            password=os.getenv(constants.DB_PWD),
+                            password=os.getenv(constants.DB_PWD_NAME),
                             database=os.getenv(constants.DB_NAME, constants.default_db_params[constants.DB_NAME]))
                         break
                     except Exception as e:
@@ -105,7 +105,7 @@ def check_missing_db_env_var(self):
         and returns True.
         """
 
-        if not (constants.DB_USER in os.environ and constants.DB_PWD in os.environ):
+        if not (constants.DB_USER in os.environ and constants.DB_PWD_NAME in os.environ):
             self.runtime.logger.info("Environment variables required for db operation missing. Doozer will be running"
                                      "in no DB use mode.")
             return False
@@ -116,7 +116,7 @@ def check_missing_db_env_var(self):
         self.host = os.getenv(constants.DB_HOST, constants.default_db_params[constants.DB_HOST])
         self.port = os.getenv(constants.DB_PORT, constants.default_db_params[constants.DB_PORT])
         self.db = os.getenv(constants.DB_NAME, constants.default_db_params[constants.DB_NAME])
-        self.pwd = os.getenv(constants.DB_PWD)
+        self.pwd = os.getenv(constants.DB_PWD_NAME)
         self.db_user = os.getenv(constants.DB_USER)
 
         self.runtime.logger.info("Found all environment variables required for db setup.")
diff --git a/doozerlib/metadata.py b/doozerlib/metadata.py
index 31607d5a1..2b38bada4 100644
--- a/doozerlib/metadata.py
+++ b/doozerlib/metadata.py
@@ -8,7 +8,7 @@
 from collections import OrderedDict
 from enum import Enum
 from typing import Any, Dict, List, NamedTuple, Optional, Tuple, Union
-from xml.etree import ElementTree
+from defusedxml import ElementTree
 
 import dateutil.parser
 import requests
diff --git a/requirements.txt b/requirements.txt
index 678516430..32cdc2919 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,6 +2,7 @@ aiofiles
 bashlex
 click >= 8.1.3
 dockerfile-parse >= 0.0.13
+defusedxml
 future
 koji
 PyGitHub >= 1.46