Use Safe Parsers in `lxml` Parsing Functions (#1896)

* Use Safe Parsers in `lxml` Parsing Functions * fix --------- Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> Co-authored-by: burnettk <burnettk@users.noreply.github.com>
2024-07-10 09:37:44 -07:00 · 2024-07-10 09:37:44 -07:00 · 8b26848ec9
parent f80373c822
commit 8b26848ec9
1 changed files with 1 additions and 1 deletions
--- a/spiffworkflow-backend/bin/detect_multiple_incoming_flows.py
+++ b/spiffworkflow-backend/bin/detect_multiple_incoming_flows.py
@ -7,7 +7,7 @@ def detect_multiple_incoming_flows(bpmn_file):
    # Parse the BPMN file
    try:
        # actually use SpecFileService.get_etree_from_xml_bytes if we use this in future
-        tree = etree.parse(bpmn_file)  # noqa: S320
+        tree = etree.parse(bpmn_file, parser=etree.XMLParser(resolve_entities=False))  # noqa: S320
    except etree.XMLSyntaxError as e:
        print(f"Error parsing {bpmn_file}: {e}")
        return []