mirrors/fdroidserver
1
0
Fork 0
mirror of https://github.com/f-droid/fdroidserver.git synced 2025-11-04 22:40:29 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

always use defusedxml.ElementTree, never xml.etree.ElementTree

Browse source 
defusedxml is now available and installed everywhere, including the
buildserver VM and the buildserver host.

This fixes bandit's error because it didn't understand the try: block
* https://gitlab.com/eighthave/fdroidserver/-/jobs/3965835264
* https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml
This commit is contained in:
Hans-Christoph Steiner 2023-03-20 14:20:48 +01:00
parent 4295d254f9
commit e903952029
1 changed files with 1 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

6
fdroidserver/common.py
View file

@ -51,11 +51,7 @@ import tempfile
import json
from pathlib import Path
# TODO change to only import defusedxml once its installed everywhere
try:
import defusedxml.ElementTree as XMLElementTree
except ImportError:
import xml.etree.ElementTree as XMLElementTree # nosec this is a fallback only
import defusedxml.ElementTree as XMLElementTree
from base64 import urlsafe_b64encode
from binascii import hexlify