Bandit [B411]: use defusedxml to prevent remote XML attacks
- putting xmlrpc stuff into koji.xmlrpcplus - adding koji.xmlrpcplus.xmlrpc_server to refer - replacing refs of original xmlrpc.client.dumps to enhanced koji.xmlrpcplus.dumps fixes: #3964
This commit is contained in:
Yu Ming Zhu
Tomas Kopecek
parent
a96b5a9b07
commit
f41b8c70a7
11 changed files with 46 additions and 38 deletions
|
|
@ -1,12 +1,12 @@
|
|||
#!/usr/bin/python3
|
||||
|
||||
import os
|
||||
import xmlrpc.client
|
||||
from optparse import OptionParser
|
||||
from koji.context import context
|
||||
|
||||
import koji
|
||||
import kojihub.db
|
||||
import koji.xmlrpcplus
|
||||
from kojihub.db import DeleteProcessor, QueryProcessor, BulkInsertProcessor
|
||||
|
||||
|
||||
|
|
@ -79,7 +79,7 @@ def clean_scratch_tasks(cursor, vacuum, test, age):
|
|||
task_id = row['id']
|
||||
request = row['request']
|
||||
try:
|
||||
params, _ = xmlrpc.client.loads(request)
|
||||
params, _ = koji.xmlrpcplus.xmlrpc_client.loads(request)
|
||||
opts = params[2]
|
||||
if opts['scratch']:
|
||||
ids.append(task_id)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue