switch to safe XML parsing

Teque5 · Teque5 · commit 89dc117671d8 · 2026-04-12T09:40:17.000-07:00
diff --git a/pyproject.toml b/pyproject.toml
@@ -24,6 +24,7 @@ requires-python = ">=3.7"
 dependencies = [
     "numpy",        # for vector math
     "jsonschema",   # for spec validation
+    "defusedxml",   # for safe XML parsing (XXE protection)
 ]
     [project.urls]
     repository = "https://github.com/sigmf/sigmf-python"
diff --git a/sigmf/convert/signalhound.py b/sigmf/convert/signalhound.py
@@ -10,7 +10,7 @@
 import io
 import logging
 import tempfile
-import xml.etree.ElementTree as ET
+import defusedxml.ElementTree as ET
 from datetime import datetime, timedelta, timezone
 from pathlib import Path
 from typing import List, Optional, Tuple

Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,7 @@ requires-python = ">=3.7"`
`24`	`24`	`dependencies = [`
`25`	`25`	`"numpy", # for vector math`
`26`	`26`	`"jsonschema", # for spec validation`
	`27`	`+ "defusedxml", # for safe XML parsing (XXE protection)`
`27`	`28`	`]`
`28`	`29`	`[project.urls]`
`29`	`30`	`repository = "https://github.com/sigmf/sigmf-python"`