chore: fix semgrep issues (#558)

Author: Artem Rys

poetry.lock

@@ -44,6 +44,7 @@ pytest-ordering = "*"
 lovely-pytest-docker = { version="^0", optional = true }
 junitparser = "^2.2.0"
 addonfactory-splunk-conf-parser-lib = "^0.3.3"
+defusedxml = "^0.7.1"
 
 
 [tool.poetry.extras]

pyproject.toml

@@ -883,19 +883,15 @@ def is_responsive_hec(request, splunk):
             "Trying to connect Splunk HEC...  splunk=%s",
             json.dumps(splunk),
         )
-        session_headers = {
-            "Authorization": f'Splunk {request.config.getoption("splunk_hec_token")}'
-        }
-        response = requests.get(
+        response = requests.get(  # nosemgrep: splunk.disabled-cert-validation
             f'{request.config.getoption("splunk_hec_scheme")}://{splunk["forwarder_host"]}:{splunk["port_hec"]}/services/collector/health/1.0',
             verify=False,
         )
         LOGGER.debug(f"Status code: {response.status_code}")
         if response.status_code in (200, 201):
             LOGGER.info("Splunk HEC is responsive.")
             return True
-        else:
-            return False
+        return False
     except Exception as e:
         LOGGER.warning(
             "Could not connect to Splunk HEC. Will try again. exception=%s",

pytest_splunk_addon/splunk.py

@@ -92,7 +92,7 @@ def create_output_conf(self):
         )
         LOGGER.debug(f"Creating following stanza in output.conf : {tcp_out_dict}")
         try:
-            response = requests.post(
+            response = requests.post(  # nosemgrep: splunk.disabled-cert-validation
                 self.outputs_endpoint,
                 tcp_out_dict,
                 auth=(self.uf_username, self.uf_password),
@@ -164,7 +164,7 @@ def create_inputs_stanza(self, event):
         )
         LOGGER.debug(f"Creating following stanza in inputs.conf : {stanza}")
         try:
-            response = requests.post(
+            response = requests.post(  # nosemgrep: splunk.disabled-cert-validation
                 self.inputs_endpoint,
                 stanza,
                 auth=(self.uf_username, self.uf_password),

pytest_splunk_addon/standard_lib/event_ingestors/file_monitor_ingestor.py

@@ -127,7 +127,7 @@ def __ingest(self, data):
                     str(data)
                 )
             )
-            response = requests.post(
+            response = requests.post(  # nosemgrep: splunk.disabled-cert-validation
                 "{}/{}".format(self.hec_uri, "event"),
                 auth=None,
                 json=data,

pytest_splunk_addon/standard_lib/event_ingestors/hec_event_ingestor.py

@@ -107,7 +107,7 @@ def ingest(self, data, thread_count):
                     str(data)
                 )
             )
-            response = requests.post(
+            response = requests.post(  # nosemgrep: splunk.disabled-cert-validation
                 self.hec_uri,
                 auth=None,
                 json=data,

pytest_splunk_addon/standard_lib/event_ingestors/hec_metric_ingestor.py

@@ -113,7 +113,7 @@ def __ingest(self, event, params):
                     str(event), str(params)
                 )
             )
-            response = requests.post(
+            response = requests.post(  # nosemgrep: splunk.disabled-cert-validation
                 "{}/{}".format(self.hec_uri, "raw"),
                 auth=None,
                 data=event,

pytest_splunk_addon/standard_lib/event_ingestors/hec_raw_ingestor.py

@@ -21,7 +21,8 @@
 
 import logging
 import os
-from xml.etree import cElementTree as ET
+
+from defusedxml import cElementTree as ET
 
 from pytest_splunk_addon.standard_lib.sample_generation.sample_event import SampleEvent
 

pytest_splunk_addon/standard_lib/event_ingestors/requirement_event_ingester.py

@@ -19,9 +19,9 @@
 import logging
 import os
 import re
-from xml.etree import cElementTree as ET
 
 import pytest
+from defusedxml import cElementTree as ET
 
 LOGGER = logging.getLogger("pytest-splunk-addon")