From 1f21c606344fbd9ffe51983fc200655e06585bfc Mon Sep 17 00:00:00 2001
From: Pradeeban Kathiravelu
Date: Wed, 19 Mar 2025 22:05:16 -0800
Subject: [PATCH] Potential fix for code scanning alert no. 2: XML internal entity expansion

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 server/controller/workflow.py | 2 +-
 server/requirements.txt | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/server/controller/workflow.py b/server/controller/workflow.py
index 5e42470..77237c9 100644
--- a/server/controller/workflow.py
+++ b/server/controller/workflow.py
@@ -1,6 +1,6 @@
 from model.workflows import *
 from flask import request, make_response, Blueprint
-import xml.etree.ElementTree as ET
+import defusedxml.ElementTree as ET
 workFlow = Blueprint('workflow', __name__)
 workFlowModel = WorkFlowModel()
diff --git a/server/requirements.txt b/server/requirements.txt
index eaa3bf6..57602f7 100644
--- a/server/requirements.txt
+++ b/server/requirements.txt
@@ -3,4 +3,5 @@ Flask==2.0.1
 python-dotenv==0.19.0
 pymongo==3.12.0
 gunicorn==20.0.4
-flask-cors==3.0.10
\ No newline at end of file
+flask-cors==3.0.10
+defusedxml==0.7.1
\ No newline at end of file
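Review bot: Rebinding the whole `ET` alias to `defusedxml.ElementTree` in `server/controller/workflow.py` is only safe if the module uses `ET` for parsing alone, because defusedxml exposes the parse-side names (`parse`, `fromstring`, `iterparse`, `XMLParser`, `tostring`) but not the tree-building ones such as `ET.Element` or `ET.SubElement`. The rest of the file is outside this hunk, so any builder use should be checked; if there is one, keep `import xml.etree.ElementTree as ET` for construction and add `from defusedxml.ElementTree import fromstring as safe_fromstring` for parsing request bodies. The hardened parser also signals a rejected entity declaration with `defusedxml.EntitiesForbidden` (a `ValueError` subclass) rather than `ET.ParseError`, so a handler that catches only `ParseError` would presumably answer a hostile document with an unhandled 500. Catching `defusedxml.DefusedXmlException` alongside it and returning a 400 keeps the rejection explicit and easy to log.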