evlli/hass-core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

using defusedxml ElementTree for safer parsing of untrusted XML data (#9934)

Browse source 
* using defusexml ElementTree for safer parsing of untrusted XML data

* move from core dependency to platform specific dependency

* style difference: put back end of list comma in setup.py
This commit is contained in:
Daniel Welch 2017-10-18 10:21:46 -04:00 committed by Pascal Vizeli
parent 587948ec06
commit 1bec2c005d
4 changed files with 11 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
homeassistant/components/device_tracker/upc_connect.py
View file

@ -6,7 +6,6 @@ https://home-assistant.io/components/device_tracker.upc_connect/
"""
import asyncio
import logging
import xml.etree.ElementTree as ET
import aiohttp
import async_timeout
@ -19,6 +18,8 @@ from homeassistant.const import CONF_HOST
from homeassistant.helpers.aiohttp_client import async_get_clientsession
REQUIREMENTS = ['defusedxml==0.5.0']
_LOGGER = logging.getLogger(__name__)
DEFAULT_IP = '192.168.0.1'
@ -63,6 +64,8 @@ class UPCDeviceScanner(DeviceScanner):
@asyncio.coroutine
def async_scan_devices(self):
"""Scan for new devices and return a list with found device IDs."""
import defusedxml.ElementTree as ET
if self.token is None:
token_initialized = yield from self.async_initialize_token()
if not token_initialized:

3
requirements_all.txt
View file

@ -177,6 +177,9 @@ datapoint==0.4.3
# homeassistant.components.light.decora_wifi
# decora_wifi==1.3
# homeassistant.components.device_tracker.upc_connect
defusedxml==0.5.0
# homeassistant.components.media_player.denonavr
denonavr==0.5.4

3
requirements_test_all.txt
View file

@ -36,6 +36,9 @@ aiohttp_cors==0.5.3
# homeassistant.components.notify.apns
apns2==0.1.1
# homeassistant.components.device_tracker.upc_connect
defusedxml==0.5.0
# homeassistant.components.sensor.dsmr
dsmr_parser==0.11

1
script/gen_requirements_all.py
View file

@ -37,6 +37,7 @@ TEST_REQUIREMENTS = (
'aioautomatic',
'aiohttp_cors',
'apns2',
'defusedxml',
'dsmr_parser',
'ephem',
'evohomeclient',