From f925d9ca6b253fe980966ee6e09b302060b880b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Skytt=C3=A4?= Date: Sun, 30 Dec 2018 01:07:48 +0200 Subject: [PATCH] Use xml.etree through defusedxml (#19640) --- homeassistant/components/ihc/__init__.py | 7 ++++--- homeassistant/components/namecheapdns.py | 4 +++- homeassistant/components/sensor/ohmconnect.py | 5 ++++- requirements_all.txt | 3 +++ requirements_test_all.txt | 3 +++ 5 files changed, 17 insertions(+), 5 deletions(-) diff --git a/homeassistant/components/ihc/__init__.py b/homeassistant/components/ihc/__init__.py index fb82ee78504..b081f117919 100644 --- a/homeassistant/components/ihc/__init__.py +++ b/homeassistant/components/ihc/__init__.py @@ -6,7 +6,6 @@ https://home-assistant.io/components/ihc/ """ import logging import os.path -import xml.etree.ElementTree import voluptuous as vol @@ -24,7 +23,7 @@ from homeassistant.helpers import discovery import homeassistant.helpers.config_validation as cv from homeassistant.helpers.typing import HomeAssistantType -REQUIREMENTS = ['ihcsdk==2.2.0'] +REQUIREMENTS = ['ihcsdk==2.2.0', 'defusedxml==0.5.0'] _LOGGER = logging.getLogger(__name__) @@ -217,11 +216,13 @@ def get_manual_configuration( def autosetup_ihc_products(hass: HomeAssistantType, config, ihc_controller, controller_id): """Auto setup of IHC products from the IHC project file.""" + from defusedxml import ElementTree + project_xml = ihc_controller.get_project() if not project_xml: _LOGGER.error("Unable to read project from IHC controller") return False - project = xml.etree.ElementTree.fromstring(project_xml) + project = ElementTree.fromstring(project_xml) # if an auto setup file exist in the configuration it will override yaml_path = hass.config.path(AUTO_SETUP_YAML) diff --git a/homeassistant/components/namecheapdns.py b/homeassistant/components/namecheapdns.py index 32a5c318852..f817544ca77 100644 --- a/homeassistant/components/namecheapdns.py +++ b/homeassistant/components/namecheapdns.py @@ -14,6 +14,8 @@ from homeassistant.const import CONF_HOST, CONF_PASSWORD, CONF_DOMAIN from homeassistant.helpers.event import async_track_time_interval from homeassistant.helpers.aiohttp_client import async_get_clientsession +REQUIREMENTS = ['defusedxml==0.5.0'] + _LOGGER = logging.getLogger(__name__) DOMAIN = 'namecheapdns' @@ -55,7 +57,7 @@ async def async_setup(hass, config): async def _update_namecheapdns(session, host, domain, password): """Update namecheap DNS entry.""" - import xml.etree.ElementTree as ET + import defusedxml.ElementTree as ET params = { 'host': host, diff --git a/homeassistant/components/sensor/ohmconnect.py b/homeassistant/components/sensor/ohmconnect.py index be73cbcf042..3487cab2fcd 100644 --- a/homeassistant/components/sensor/ohmconnect.py +++ b/homeassistant/components/sensor/ohmconnect.py @@ -6,7 +6,6 @@ https://home-assistant.io/components/sensor.ohmconnect/ """ import logging from datetime import timedelta -import xml.etree.ElementTree as ET import requests import voluptuous as vol @@ -17,6 +16,8 @@ import homeassistant.helpers.config_validation as cv from homeassistant.util import Throttle from homeassistant.helpers.entity import Entity +REQUIREMENTS = ['defusedxml==0.5.0'] + _LOGGER = logging.getLogger(__name__) CONF_ID = 'id' @@ -68,6 +69,8 @@ class OhmconnectSensor(Entity): @Throttle(MIN_TIME_BETWEEN_UPDATES) def update(self): """Get the latest data from OhmConnect.""" + import defusedxml.ElementTree as ET + try: url = ("https://login.ohmconnect.com" "/verify-ohm-hour/{}").format(self._ohmid) diff --git a/requirements_all.txt b/requirements_all.txt index 88ae52818f4..807d48f2f21 100644 --- a/requirements_all.txt +++ b/requirements_all.txt @@ -295,7 +295,10 @@ datapoint==0.4.3 # homeassistant.components.light.decora_wifi # decora_wifi==1.3 +# homeassistant.components.ihc +# homeassistant.components.namecheapdns # homeassistant.components.device_tracker.upc_connect +# homeassistant.components.sensor.ohmconnect defusedxml==0.5.0 # homeassistant.components.sensor.deluge diff --git a/requirements_test_all.txt b/requirements_test_all.txt index acb4d13769b..10c1b12b7b3 100644 --- a/requirements_test_all.txt +++ b/requirements_test_all.txt @@ -52,7 +52,10 @@ caldav==0.5.0 # homeassistant.components.sensor.coinmarketcap coinmarketcap==5.0.3 +# homeassistant.components.ihc +# homeassistant.components.namecheapdns # homeassistant.components.device_tracker.upc_connect +# homeassistant.components.sensor.ohmconnect defusedxml==0.5.0 # homeassistant.components.sensor.dsmr