evlli/hass-core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

using defusedxml ElementTree for safer parsing of untrusted XML data (#9934)

Browse source 
* using defusexml ElementTree for safer parsing of untrusted XML data

* move from core dependency to platform specific dependency

* style difference: put back end of list comma in setup.py
This commit is contained in:
Daniel Welch 2017-10-18 10:21:46 -04:00 committed by Pascal Vizeli
parent 587948ec06
commit 1bec2c005d
4 changed files with 11 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
homeassistant/components/device_tracker/upc_connect.py
View file

@ -6,7 +6,6 @@ https://home-assistant.io/components/device_tracker.upc_connect/
"""
import asyncio
import logging
import xml.etree.ElementTree as ET
import aiohttp
import async_timeout
@ -19,6 +18,8 @@ from homeassistant.const import CONF_HOST
from homeassistant.helpers.aiohttp_client import async_get_clientsession
REQUIREMENTS = ['defusedxml==0.5.0']
_LOGGER = logging.getLogger(__name__)
DEFAULT_IP = '192.168.0.1'
@ -63,6 +64,8 @@ class UPCDeviceScanner(DeviceScanner):
@asyncio.coroutine
def async_scan_devices(self):
"""Scan for new devices and return a list with found device IDs."""
import defusedxml.ElementTree as ET
if self.token is None:
token_initialized = yield from self.async_initialize_token()
if not token_initialized: