Cleanup reported issues#364
Pull request overview
This pull request performs security and compatibility cleanup by removing backward-compatibility code. It enforces the use of defusedxml for secure XML parsing (removing the fallback to the standard library's potentially vulnerable XML parser) and drops Python 3.8 compatibility for SHA1 hash generation. Additionally, it adds URL scheme validation to ensure only HTTP(S) URLs are processed, strengthening security posture.
Changes:
- Removed try/except fallback from defusedxml to xml.etree.ElementTree, making defusedxml mandatory
- Removed Python 3.8 compatibility code for SHA1 hash generation with the `usedforsecurity=False` parameter
- Added URL scheme validation to reject non-HTTP(S) schemes in `blocking_get()` and translation API requests
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| addonmanager_workers_startup.py | Changed import to use ParseError alias, removed Python 3.8 SHA1 fallback code |
| addonmanager_utilities.py | Added URL scheme validation to reject non-HTTP(S) URLs |
| addonmanager_metadata.py | Removed fallback import, now requires defusedxml |
| addonmanager_icon_utilities.py | Removed fallback import, now requires defusedxml |
| Resources/translations/run_translation_cycle.py | Added HTTPS validation for API requests and download URLs |
| AddonCatalogCacheCreator.py | Changed import to use ParseError alias |
| AddonCatalog.py | Changed import to use ParseError alias |
| Addon.py | Changed import to use ParseError alias |
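The two stdlib-only checks the review above describes, as an added example that is not the Addon Manager's own code: a strict HTTP(S) gate placed in front of a fetch helper (the names `is_allowed_http_url`, `blocking_get` and `cache_key` are hypothetical stand-ins, and `fetch` is injected so the block runs offline), plus the SHA1 call with `usedforsecurity=False`, which requires Python 3.9+.

```python
import hashlib
from urllib.parse import urlsplit

# Only absolute http/https URLs are ever fetched; everything else is refused
# before any network I/O happens.
ALLOWED_SCHEMES = frozenset({"http", "https"})


def is_allowed_http_url(url: str) -> bool:
    """Return True only for absolute http:// or https:// URLs with a host.

    urlsplit() lower-cases the scheme, so 'HTTPS://host' passes. Rejected:
    scheme-relative '//host/x' (empty scheme), file:, ftp:, data: and
    javascript: URLs, bare paths, and 'http://' with no host at all.
    """
    if not isinstance(url, str):
        return False
    parts = urlsplit(url.strip())
    return parts.scheme in ALLOWED_SCHEMES and bool(parts.netloc)


def blocking_get(url: str, fetch=None) -> bytes:
    """Hypothetical fetch helper: validate the scheme first, then fetch.

    'fetch' is a constructed callable so this example runs offline; a real
    helper would perform the HTTP request at that point instead.
    """
    if not is_allowed_http_url(url):
        raise ValueError(f"refusing non-HTTP(S) URL: {url!r}")
    return fetch(url) if fetch is not None else b""


def cache_key(data: bytes) -> str:
    """SHA1 used purely as a cache/identity key, not for security.

    usedforsecurity=False (Python 3.9+) tells FIPS-restricted builds that
    this is a non-cryptographic use, so the call is not blocked there.
    """
    return hashlib.sha1(data, usedforsecurity=False).hexdigest()
```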
Backport failed for Please cherry-pick the changes locally and resolve any conflicts.

```shell
git fetch origin main
git worktree add -d .worktree/backport-364-to-main origin/main
cd .worktree/backport-364-to-main
git switch --create backport-364-to-main
git cherry-pick -x 157e586cc699aa501865684308ef44f71466519d 6ea54077a3eb5a6494f0483a009a399430fb7eaf
```
Remove fallback to regular Python XML parser, forcing use of defusedxml, and eliminate backwards-compatibility of SHA1 generator for Python 3.8, adding the `usedforsecurity=False` flag.