From 707374630921cf66bb90fe9123177c9c6c490498 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lvaro=20Brey=20Vilas?=
Date: Wed, 27 Apr 2022 11:03:59 +0200
Subject: [PATCH] Use defusedxml for xml parsing instead of etree
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Álvaro Brey Vilas
---
 .github/workflows/analysis.yml | 3 +++
 .gitignore | 5 ++++-
 scripts/analysis/spotbugsComparison.py | 2 +-
 scripts/analysis/spotbugsSummary.py | 2 +-
 4 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
index 32dfa412be..e133d0bcf6 100644
--- a/.github/workflows/analysis.yml
+++ b/.github/workflows/analysis.yml
@@ -40,6 +40,9 @@ jobs:
 with:
 distribution: "temurin"
 java-version: 11
+ - name: Install dependencies
+ run: |
+ python3 -m pip install defusedxml
 - name: Run analysis wrapper
 run: |
 mkdir -p $HOME/.gradle
diff --git a/.gitignore b/.gitignore
index 0f5ed9813b..5dac70d588 100644
--- a/.gitignore
+++ b/.gitignore
@@ -50,4 +50,7 @@ fastlane/Fastfile
 **/fastlane/test_output
 /fastlane/vendor/
 /.bundle/
-/fastlane/.bundle/
+/fastlane/.bundle
+
+# python
+**/__pycache__/
diff --git a/scripts/analysis/spotbugsComparison.py b/scripts/analysis/spotbugsComparison.py
index 92ec7f80a5..cc85d868cd 100755
--- a/scripts/analysis/spotbugsComparison.py
+++ b/scripts/analysis/spotbugsComparison.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 import argparse
-import xml.etree.ElementTree as ET
+import defusedxml.ElementTree as ET
 import spotbugsSummary
diff --git a/scripts/analysis/spotbugsSummary.py b/scripts/analysis/spotbugsSummary.py
index 00724d5a4d..4fc886fa78 100755
--- a/scripts/analysis/spotbugsSummary.py
+++ b/scripts/analysis/spotbugsSummary.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 import argparse
-import xml.etree.ElementTree as ET
+import defusedxml.ElementTree as ET
 def get_counts(tree):
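Review bot: The new `Install dependencies` step in `.github/workflows/analysis.yml` installs `defusedxml` without a version pin, so every run resolves whatever release the package index serves at that moment. Pinning keeps the analysis job reproducible and narrows its supply-chain exposure, e.g. `python3 -m pip install defusedxml==<PINNED_VERSION>`, or a checked-in requirements file installed with `--require-hashes`. The commit touches no requirements file, so a developer running the spotbugs scripts locally has no declaration of the new dependency; a requirements file would cover that as well.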
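Review bot: In `scripts/analysis/spotbugsComparison.py`, and identically in `scripts/analysis/spotbugsSummary.py`, the hardened parser is imported under the old alias `ET`, so nothing at the call sites records why it must not be swapped back. A comment on the import would do that, e.g. `# defusedxml: refuses entity expansion and external references in report XML; do not revert to xml.etree`. `defusedxml.ElementTree` exposes the parsing entry points rather than the full `xml.etree.ElementTree` API, so any use of `ET.Element` or `ET.SubElement` in the script bodies, which lie outside these hunks, would presumably now fail and should be checked. A report that declares entities now raises `defusedxml.EntitiesForbidden`, which the scripts may want to surface as a clear error rather than a traceback.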