🛡️ Sentinel: [CRITICAL] Fix XXE Injection Vulnerability#692
Conversation
Multiple modules were parsing untrusted external XML data (RSS feeds, WeCom API callbacks, Arxiv feeds) using the native `xml.etree.ElementTree` parser, which is known to be vulnerable to XML External Entity (XXE) injection attacks, including arbitrary file reading, denial of service (DoS), and Server-Side Request Forgery (SSRF). Fixed by replacing `xml.etree.ElementTree` with `defusedxml.ElementTree` across `optional-skills/devops/watchers/scripts/watch_rss.py`, `gateway/platforms/wecom_callback.py`, and `skills/research/arxiv/scripts/search_arxiv.py`. Added `defusedxml` to `pyproject.toml` dependencies and recorded the finding in Sentinel's journal. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
|
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task. |
🔎 Lint report:
|
| Rule | Count |
|---|---|
unresolved-import |
3 |
invalid-argument-type |
3 |
First entries
optional-skills/devops/watchers/scripts/watch_rss.py:22: [unresolved-import] unresolved-import: Cannot resolve imported module `defusedxml.ElementTree`
run_agent.py:13576: [invalid-argument-type] invalid-argument-type: Argument to function `len` is incorrect: Expected `Sized`, found `(str & ~AlwaysFalsy) | (dict[Unknown | str, Unknown | str | dict[str, str]] & ~AlwaysFalsy) | (Any & ~AlwaysFalsy) | ... omitted 3 union elements`
gateway/platforms/wecom_callback.py:20: [unresolved-import] unresolved-import: Cannot resolve imported module `defusedxml.ElementTree`
skills/research/arxiv/scripts/search_arxiv.py:16: [unresolved-import] unresolved-import: Cannot resolve imported module `defusedxml.ElementTree`
run_agent.py:7317: [invalid-argument-type] invalid-argument-type: Argument to function `build_anthropic_client` is incorrect: Expected `str`, found `str | dict[Unknown | str, Unknown | str | dict[str, str]] | Any | ... omitted 3 union elements`
run_agent.py:13573: [invalid-argument-type] invalid-argument-type: Argument to function `_is_oauth_token` is incorrect: Expected `str`, found `str | dict[Unknown | str, Unknown | str | dict[str, str]] | Any | ... omitted 3 union elements`
✅ Fixed issues (7):
| Rule | Count |
|---|---|
invalid-argument-type |
3 |
unresolved-attribute |
2 |
no-matching-overload |
1 |
not-subscriptable |
1 |
First entries
skills/research/arxiv/scripts/search_arxiv.py:70: [no-matching-overload] no-matching-overload: No overload of bound method `str.join` matches arguments
skills/research/arxiv/scripts/search_arxiv.py:69: [unresolved-attribute] unresolved-attribute: Attribute `text` is not defined on `None` in union `Element[Unknown] | None`
run_agent.py:7317: [invalid-argument-type] invalid-argument-type: Argument to function `build_anthropic_client` is incorrect: Expected `str`, found `str | dict[Unknown, Unknown] | Any | ... omitted 3 union elements`
run_agent.py:13573: [invalid-argument-type] invalid-argument-type: Argument to function `_is_oauth_token` is incorrect: Expected `str`, found `str | dict[Unknown, Unknown] | Any | ... omitted 3 union elements`
run_agent.py:13576: [invalid-argument-type] invalid-argument-type: Argument to function `len` is incorrect: Expected `Sized`, found `(str & ~AlwaysFalsy) | (dict[Unknown, Unknown] & ~AlwaysFalsy) | (Any & ~AlwaysFalsy) | ... omitted 3 union elements`
skills/research/arxiv/scripts/search_arxiv.py:67: [not-subscriptable] not-subscriptable: Cannot subscript object of type `None` with no `__getitem__` method
skills/research/arxiv/scripts/search_arxiv.py:69: [unresolved-attribute] unresolved-attribute: Attribute `strip` is not defined on `None` in union `str | None`
Unchanged: 4350 pre-existing issues carried over.
Diagnostics are surfaced as warnings — this check never fails the build.
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request mitigates XXE injection vulnerabilities by replacing the native xml.etree.ElementTree library with defusedxml.ElementTree in several modules, adding defusedxml to the project dependencies, and documenting the vulnerability prevention guidelines. However, in watch_rss.py, replacing the import causes an issue because defusedxml.ElementTree does not expose ParseError, which will lead to an AttributeError at runtime when handling invalid XML. A code suggestion is provided to import and bind ParseError to ET to resolve this.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR mitigates XXE-style XML parsing risks by switching several entrypoints that parse untrusted XML (RSS watcher, WeCom callback adapter, arXiv search script) from Python’s standard xml.etree.ElementTree to defusedxml, and by adding defusedxml as a dependency so the safer parser is available at runtime.
Changes:
- Add
defusedxmlto core dependencies (pyproject.toml) and updateuv.lock. - Replace
xml.etree.ElementTreeusage withdefusedxml.ElementTreein the identified XML-ingesting scripts/adapters. - Record the security learning in
.jules/sentinel.md.
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
pyproject.toml |
Adds defusedxml to core dependencies. |
uv.lock |
Lockfile update reflecting the new dependency set. |
optional-skills/devops/watchers/scripts/watch_rss.py |
Switches RSS/Atom XML parsing to defusedxml. |
gateway/platforms/wecom_callback.py |
Switches WeCom callback XML parsing to defusedxml. |
skills/research/arxiv/scripts/search_arxiv.py |
Switches arXiv API response XML parsing to defusedxml. |
.jules/sentinel.md |
Documents the XXE prevention learning and guidance. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Auto-merge: checks failingThe following checks did not pass:
Please fix the failing checks before this PR can be merged. |
|
@copilot fix: failing checks |
watch_rss.py,wecom_callback.py, andsearch_arxiv.py) were parsing untrusted XML streams using Python's nativexml.etree.ElementTreemodule. The native standard library is vulnerable to XML External Entity (XXE) injection attacks.defusedxmldependency topyproject.tomland updateduv.lock. Replaced imports ofxml.etree.ElementTreewithdefusedxml.ElementTreeto securely parse untrusted XML. Updated the.jules/sentinel.mdjournal with this critical learning.pytest tests/gateway/test_wecom_callback.pyand manually tested thewatch_rss.pyandsearch_arxiv.pytools to ensure normal XML parsing behavior remains functionally identical. Verified that attempting to parse malformed XML triggers the correctParseError.PR created automatically by Jules for task 4659841705943269996 started by @badMade