From e903952029fd9263c096f0d7fa573f6022d02552 Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner <hans@eds.org>
Date: Mon, 20 Mar 2023 14:20:48 +0100
Subject: [PATCH] always use defusedxml.ElementTree, never
 xml.etree.ElementTree

defusedxml is now available and installed everywhere, including the
buildserver VM and the buildserver host.

This fixes bandit's error because it didn't understand the try: block
* https://gitlab.com/eighthave/fdroidserver/-/jobs/3965835264
* https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml
---
 fdroidserver/common.py | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index b633a4e7..df8d686c 100644
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -51,11 +51,7 @@ import tempfile
 import json
 from pathlib import Path
 
-# TODO change to only import defusedxml once its installed everywhere
-try:
-    import defusedxml.ElementTree as XMLElementTree
-except ImportError:
-    import xml.etree.ElementTree as XMLElementTree  # nosec this is a fallback only
+import defusedxml.ElementTree as XMLElementTree
 
 from base64 import urlsafe_b64encode
 from binascii import hexlify