Reviewed:  https://review.openstack.org/519618
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=21362156125cadc0cddbffdc911d15a29c949902
Submitter: Zuul
Branch:    master

commit 21362156125cadc0cddbffdc911d15a29c949902
Author: lijing <lijing at gohighsec.com>
Date:   Tue Nov 14 18:59:29 2017 +0800

    use defusedxml to avoid XML attack

    According to https://docs.openstack.org/bandit/latest/api/bandit.blacklists.html
    Using various XML methods to parse untrusted XML data is known to be
    vulnerable to XML attacks. Methods should be replaced with their
    defusedxml equivalents.

    Change-Id: Icdd807c8fd47ce0df3e292eef910e6e6e7610686
    Partial-Bug: #1732155

https://bugs.launchpad.net/bugs/1732155

Title:
  bandit report: use defusedxml to avoid XML attack

Status in Cinder:
  In Progress
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  According to https://docs.openstack.org/bandit/latest/api/bandit.blacklists.html
  Using various XML methods to parse untrusted XML data is known to be
  vulnerable to XML attacks. Methods should be replaced with their
  defusedxml equivalents.
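What the bug description is concerned with, as an added example that is not code from the Cinder change or from defusedxml: the standard-library ElementTree parser expands entities declared in a document's inline DTD, while a parser that refuses entity declarations rejects the same input. The guard below is a stdlib-only stand-in for that behaviour so the block runs without third-party packages; `safe_fromstring`, `EntityDeclRejected` and the sample documents are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Constructed samples: a harmless internal entity in an inline DTD, and a
# plain document with no DTD at all.
WITH_ENTITY = b'<!DOCTYPE r [<!ENTITY a "AAAA">]><r>&a;&a;</r>'
PLAIN = b"<volume><name>vol-1</name></volume>"


class EntityDeclRejected(ValueError):
    """Raised by this example's guard (hypothetical name)."""


def _deny(*args):
    # expat passes the entity name (or parser context) first; whatever the
    # declaration is, refuse it instead of letting the parser act on it.
    raise EntityDeclRejected("entity declaration or reference not allowed")


def safe_fromstring(data):
    """Scan with expat, refusing entity declarations, then build the tree.

    In a real code base the equivalent change is the import swap the commit
    message describes:
        from defusedxml import ElementTree as ET
    """
    guard = expat.ParserCreate()
    guard.EntityDeclHandler = _deny          # internal and external entities
    guard.UnparsedEntityDeclHandler = _deny  # unparsed (NDATA) entities
    guard.ExternalEntityRefHandler = _deny   # references to external entities
    guard.Parse(data, True)                  # exceptions from handlers propagate
    return ET.fromstring(data)


def stdlib_expands(data):
    """Show what the unguarded stdlib parser does with the same input."""
    return ET.fromstring(data).text


if __name__ == "__main__":
    print("stdlib result:", stdlib_expands(WITH_ENTITY))
    print("guarded plain:", safe_fromstring(PLAIN).find("name").text)
    try:
        safe_fromstring(WITH_ENTITY)
    except EntityDeclRejected as exc:
        print("guarded DTD input rejected:", exc)
```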