From e446fc38c25e9a98d3508e502bcfe6885b62f561 Mon Sep 17 00:00:00 2001
From: "Dr.-Ing. Amilcar do Carmo Lucas" <amilcar.lucas@iav.de>
Date: Mon, 17 Jun 2024 07:41:40 +0200
Subject: [PATCH] IMPROVEMENT: more defusexml fixes

---
 MethodicConfigurator/annotate_params.py |  3 +--
 unittests/annotate_params_test.py       | 10 ++++++----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/MethodicConfigurator/annotate_params.py b/MethodicConfigurator/annotate_params.py
index 08ea4d0..38116bb 100755
--- a/MethodicConfigurator/annotate_params.py
+++ b/MethodicConfigurator/annotate_params.py
@@ -31,11 +31,10 @@
 from sys import exit as sys_exit
 from typing import Any, Dict, List, Optional, Tuple
 
-from xml.etree import ElementTree as ET # no parsing, just data-structure manipulation
-
 import argparse
 import logging
 
+from xml.etree import ElementTree as ET # no parsing, just data-structure manipulation
 from defusedxml import ElementTree as DET # just parsing, no data-structure manipulation
 
 
diff --git a/unittests/annotate_params_test.py b/unittests/annotate_params_test.py
index fcfe403..2bef8c7 100755
--- a/unittests/annotate_params_test.py
+++ b/unittests/annotate_params_test.py
@@ -14,11 +14,13 @@
 from unittest.mock import patch, mock_open
 import os
 import unittest
-import xml.etree.ElementTree as ET
 import requests
 import mock
 
-from annotate_params import get_xml_data
+from xml.etree import ElementTree as ET  # no parsing, just data-structure manipulation
+from defusedxml import ElementTree as DET  # just parsing, no data-structure manipulation
+
+from MethodicConfigurator.annotate_params import get_xml_data
 from MethodicConfigurator.annotate_params import remove_prefix
 from MethodicConfigurator.annotate_params import split_into_lines
 from MethodicConfigurator.annotate_params import create_doc_dict
@@ -258,7 +260,7 @@ def test_create_doc_dict(self):
             </param>
         </root>
         '''
-        root = ET.fromstring(xml_data)
+        root = DET.fromstring(xml_data)
 
         # Expected output
         expected_output = {
@@ -491,7 +493,7 @@ def test_print_read_only_params(self, mock_info):
             </param>
         </root>
         '''
-        root = ET.fromstring(xml_data)
+        root = DET.fromstring(xml_data)
         doc_dict = create_doc_dict(root, "VehicleType")
 
         # Call the function with the mock XML data