diff --git a/scripts/coding_discovery_tools/macos/jetbrains/jetbrains.py b/scripts/coding_discovery_tools/macos/jetbrains/jetbrains.py index 048b7e82..602f8da6 100644 --- a/scripts/coding_discovery_tools/macos/jetbrains/jetbrains.py +++ b/scripts/coding_discovery_tools/macos/jetbrains/jetbrains.py @@ -6,6 +6,7 @@ import logging import re import xml.etree.ElementTree as ET +import defusedxml.ElementTree as DefusedET import zipfile from pathlib import Path from typing import Optional, Dict, List, Set, Tuple @@ -244,7 +245,7 @@ def _parse_plugin_xml(self, xml_content: str) -> Tuple[Optional[str], Optional[s try: # Remove XML namespace declarations for simpler parsing xml_content_clean = re.sub(r'\sxmlns[^"]*"[^"]*"', '', xml_content) - root = ET.fromstring(xml_content_clean) + root = DefusedET.fromstring(xml_content_clean) # Try to find tag, can be at root level or nested id_elem = root.find('.//id') diff --git a/scripts/coding_discovery_tools/macos/jetbrains/mcp_config_extractor.py b/scripts/coding_discovery_tools/macos/jetbrains/mcp_config_extractor.py index dfdd89ce..8be72494 100644 --- a/scripts/coding_discovery_tools/macos/jetbrains/mcp_config_extractor.py +++ b/scripts/coding_discovery_tools/macos/jetbrains/mcp_config_extractor.py @@ -6,6 +6,7 @@ import logging import os import xml.etree.ElementTree as ET +import defusedxml.ElementTree as DefusedET from pathlib import Path from typing import Optional, Dict, List @@ -198,7 +199,7 @@ def _parse_mcp_xml(self, xml_path: Path) -> List[Dict]: """Simplified 2025.x MCP XML parser.""" servers = [] try: - tree = ET.parse(xml_path) + tree = DefusedET.parse(xml_path) for node in tree.findall(".//McpServerConfigurationProperties"): def get_opt(n, name): diff --git a/scripts/coding_discovery_tools/windows/jetbrains/jetbrains.py b/scripts/coding_discovery_tools/windows/jetbrains/jetbrains.py index 3dffd48f..9d9ea74e 100644 --- a/scripts/coding_discovery_tools/windows/jetbrains/jetbrains.py +++ b/scripts/coding_discovery_tools/windows/jetbrains/jetbrains.py @@ -6,6 +6,7 @@ import logging import re import xml.etree.ElementTree as ET +import defusedxml.ElementTree as DefusedET import zipfile from pathlib import Path from typing import Optional, Dict, List, Set, Tuple @@ -322,7 +323,7 @@ def _parse_plugin_xml(self, xml_content: str) -> Tuple[Optional[str], Optional[s try: # Remove XML namespace declarations for simpler parsing xml_content_clean = re.sub(r'\sxmlns[^"]*"[^"]*"', '', xml_content) - root = ET.fromstring(xml_content_clean) + root = DefusedET.fromstring(xml_content_clean) # Try to find tag, can be at root level or nested id_elem = root.find('.//id') diff --git a/scripts/coding_discovery_tools/windows/jetbrains/mcp_config_extractor.py b/scripts/coding_discovery_tools/windows/jetbrains/mcp_config_extractor.py index ee7d9ad5..50a4a39d 100644 --- a/scripts/coding_discovery_tools/windows/jetbrains/mcp_config_extractor.py +++ b/scripts/coding_discovery_tools/windows/jetbrains/mcp_config_extractor.py @@ -6,6 +6,7 @@ import logging import os import xml.etree.ElementTree as ET +import defusedxml.ElementTree as DefusedET from pathlib import Path from typing import Optional, Dict, List @@ -284,7 +285,7 @@ def _extract_project_paths_from_xml(self, xml_path: Path) -> set: paths = set() try: - tree = ET.parse(xml_path) + tree = DefusedET.parse(xml_path) root = tree.getroot() # Various path formats used by JetBrains