udhayprakash · pixeebot · Apr 20, 2025 · pixeebot · Apr 20, 2025
diff --git a/pyproject.toml b/pyproject.toml
@@ -13,6 +13,7 @@ pytest = "^7.1.3"
 requests = "^2.28.1"
 jupyter = "^1.0.0"
 ipython = "^8.5.0"
+defusedxml = "==0.7.1"
 
 
 [tool.poetry.group.dev.dependencies]

diff --git a/python3/11_File_Operations/02_structured_files/02_xml/01_xml/a_write_xml.py b/python3/11_File_Operations/02_structured_files/02_xml/01_xml/a_write_xml.py
@@ -22,7 +22,7 @@
 # print(dir(xml))
 
 import xml.etree.ElementTree as ET
-from xml.dom import minidom
+import defusedxml.minidom
 
 # print(dir(ET))
 
@@ -42,7 +42,7 @@
 print()
 
 
-result_str2 = minidom.parseString(
+result_str2 = defusedxml.minidom.parseString(
     ET.tostring(root)
 ).toprettyxml()
 

diff --git a/python3/11_File_Operations/02_structured_files/02_xml/01_xml/c_parse_xml.py b/python3/11_File_Operations/02_structured_files/02_xml/01_xml/c_parse_xml.py
@@ -1,11 +1,10 @@
 """
 Purpose: Reading(Parsing) XML
 """
-
-import xml.etree.ElementTree as ET
 from pprint import pp
+import defusedxml.ElementTree
 
-tree = ET.parse("books.xml")
+tree = defusedxml.ElementTree.parse("books.xml")
 
 # print(dir(tree))
 

diff --git a/python3/11_File_Operations/02_structured_files/02_xml/01_xml/d_parse_xml_string.py b/python3/11_File_Operations/02_structured_files/02_xml/01_xml/d_parse_xml_string.py
@@ -1,8 +1,7 @@
 """
 Purpose: To parse(read) xml string
 """
-
-import xml.etree.ElementTree as ET
+import defusedxml.ElementTree
 
 input_string = """
 <stuff>
@@ -18,7 +17,7 @@
     </users>
 </stuff>"""
 
-stuff_tree = ET.fromstring(input_string)
+stuff_tree = defusedxml.ElementTree.fromstring(input_string)
 
 nodes = stuff_tree.findall("users")  # child level
 print(nodes)

diff --git a/python3/11_File_Operations/02_structured_files/02_xml/01_xml/e_parse_xml_string.py b/python3/11_File_Operations/02_structured_files/02_xml/01_xml/e_parse_xml_string.py
@@ -1,6 +1,6 @@
 #!/usr/bin/python3
 
-import xml.etree.ElementTree as ElementTree
+import defusedxml.ElementTree
 
 data = """
 <person>
@@ -11,6 +11,6 @@
    <email hide="yes"/>
 </person>"""
 
-tree = ElementTree.fromstring(data)
+tree = defusedxml.ElementTree.fromstring(data)
 print("Name:", tree.find("name").text)
 print("Attr:", tree.find("email").get("hide"))
diff --git a/...rvices/c_REST/a_consuming_APIs/02_requests/requests-workshop-master/answers/answers_05.py b/...rvices/c_REST/a_consuming_APIs/02_requests/requests-workshop-master/answers/answers_05.py
@@ -1,6 +1,7 @@
 import xml.etree.ElementTree as et
 
 import requests
+import defusedxml.ElementTree
 
 
 # Exercise 5.1
@@ -14,7 +15,7 @@ def test_check_root_of_xml_response():
     response = requests.get(
         "http://parabank.parasoft.com/parabank/services/bank/accounts/12345", timeout=60
     )
-    response_body_as_xml = et.fromstring(response.content)
+    response_body_as_xml = defusedxml.ElementTree.fromstring(response.content)
     xml_tree = et.ElementTree(response_body_as_xml)
     root = xml_tree.getroot()
     assert root.tag == "account"
@@ -32,7 +33,7 @@ def test_check_specific_element_of_xml_response():
     response = requests.get(
         "http://parabank.parasoft.com/parabank/services/bank/accounts/12345", timeout=60
     )
-    response_body_as_xml = et.fromstring(response.content)
+    response_body_as_xml = defusedxml.ElementTree.fromstring(response.content)
     xml_tree = et.ElementTree(response_body_as_xml)
     first_name = xml_tree.find("customerId")
     assert first_name.text == "12212"
@@ -49,7 +50,7 @@ def test_check_number_of_accounts_for_12212_greater_than_five():
         "http://parabank.parasoft.com/parabank/services/bank/customers/12212/accounts",
         timeout=60,
     )
-    response_body_as_xml = et.fromstring(response.content)
+    response_body_as_xml = defusedxml.ElementTree.fromstring(response.content)
     xml_tree = et.ElementTree(response_body_as_xml)
     accounts = xml_tree.findall(".//account")
     assert len(accounts) > 5
@@ -66,7 +67,7 @@ def test_use_xpath_for_more_sophisticated_checks():
         "http://parabank.parasoft.com/parabank/services/bank/customers/12212/accounts",
         timeout=60,
     )
-    response_body_as_xml = et.fromstring(response.content)
+    response_body_as_xml = defusedxml.ElementTree.fromstring(response.content)
     xml_tree = et.ElementTree(response_body_as_xml)
     savings_accounts = xml_tree.findall(".//account/type[.='SAVINGS']")
     assert len(savings_accounts) > 1

diff --git a/...ices/c_REST/a_consuming_APIs/02_requests/requests-workshop-master/examples/examples_05.py b/...ices/c_REST/a_consuming_APIs/02_requests/requests-workshop-master/examples/examples_05.py
@@ -1,14 +1,15 @@
 import xml.etree.ElementTree as et
 
 import requests
+import defusedxml.ElementTree
 
 
 def test_check_root_of_xml_response():
     response = requests.get(
         "http://parabank.parasoft.com/parabank/services/bank/customers/12212",
         timeout=60,
     )
-    response_body_as_xml = et.fromstring(response.content)
+    response_body_as_xml = defusedxml.ElementTree.fromstring(response.content)
     xml_tree = et.ElementTree(response_body_as_xml)
     root = xml_tree.getroot()
     assert root.tag == "customer"
@@ -20,7 +21,7 @@ def test_check_specific_element_of_xml_response():
         "http://parabank.parasoft.com/parabank/services/bank/customers/12212",
         timeout=60,
     )
-    response_body_as_xml = et.fromstring(response.content)
+    response_body_as_xml = defusedxml.ElementTree.fromstring(response.content)
     xml_tree = et.ElementTree(response_body_as_xml)
     first_name = xml_tree.find("firstName")
     assert first_name.text == "John"
@@ -33,7 +34,7 @@ def test_use_xpath_for_more_sophisticated_checks():
         "http://parabank.parasoft.com/parabank/services/bank/customers/12212",
         timeout=60,
     )
-    response_body_as_xml = et.fromstring(response.content)
+    response_body_as_xml = defusedxml.ElementTree.fromstring(response.content)
     xml_tree = et.ElementTree(response_body_as_xml)
     address_children = xml_tree.findall(".//address/*")
     assert len(address_children) == 4
diff --git a/python3/16_Web_Services/c_REST/a_consuming_APIs/g_downloading_files/get_xml_data.py b/python3/16_Web_Services/c_REST/a_consuming_APIs/g_downloading_files/get_xml_data.py
@@ -1,8 +1,8 @@
 from numbers import Number
 from typing import Optional
-from xml.dom.minidom import parseString
 
 import requests
+import defusedxml.minidom
 
 SETTINGS = {
     "currency": "THB",
@@ -19,7 +19,7 @@ def check_exchange_rate(
     res = requests.get(URL, timeout=60)
 
     # we have to parse XML (unfortunately I did not find a .json API)
-    parsed = parseString(
+    parsed = defusedxml.minidom.parseString(
         str(res.content.decode("utf-8")).replace("\n", "").replace("\t", "")
     )
     currency_rates = parsed.childNodes[0].childNodes[2].childNodes[0].childNodes

diff --git a/python3/16_Web_Services/h_feedparsing/parse_RSS_feed.py b/python3/16_Web_Services/h_feedparsing/parse_RSS_feed.py
@@ -1,9 +1,9 @@
 # Python code to illustrate parsing of XML files
 # importing the required modules
 import csv
-import xml.etree.ElementTree as ET
 
 import requests
+import defusedxml.ElementTree
 
 
 def loadRSS():
@@ -20,7 +20,7 @@ def loadRSS():
 
 def parseXML(xmlfile):
     # create element tree object
-    tree = ET.parse(xmlfile)
+    tree = defusedxml.ElementTree.parse(xmlfile)
 
     # get root element
     root = tree.getroot()