DissectMalware / XLMMacroDeobfuscator

Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
Apache License 2.0

Update xlsm_wrapper.py #92

Closed vaq130 closed 2 years ago

vaq130 commented 2 years ago

xml.etree.ElementTree.fromstring is insecure against maliciously constructed data. Recommend switching to defusedxml.ElementTree.

https://docs.python.org/3/library/xml.etree.elementtree.html

DissectMalware commented 2 years ago

Thank you for the PR.

I added the package to requirements.txt and also to setup.py. However, I made it optional for the time being. If the defusedxml package is not installed on a machine, xlmdeobfuscator warns the user and continues using the xml.etree package.

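Added example, not part of this PR or the project's code: a sketch of the optional-dependency pattern described in the thread, preferring defusedxml and warning when it is missing. The names `parse_untrusted`, `_reject_dtd` and `is_rejected`, the sample documents, and the DOCTYPE pre-check in the fallback path are assumptions made for this illustration; the thread only says the tool warns and keeps using xml.etree.

```python
import warnings
import xml.etree.ElementTree as StdET
from xml.parsers import expat

try:
    from defusedxml import ElementTree as SafeET  # hardened drop-in parser
    HAVE_DEFUSEDXML = True
except ImportError:
    SafeET = None
    HAVE_DEFUSEDXML = False
    warnings.warn("defusedxml is not installed; falling back to xml.etree "
                  "with a DOCTYPE pre-check", RuntimeWarning)


def _reject_dtd(data):
    """Fallback guard (assumption of this example): refuse any DOCTYPE."""
    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise ValueError("DOCTYPE declaration rejected: %s" % name)
    checker = expat.ParserCreate()
    checker.StartDoctypeDeclHandler = on_doctype
    checker.Parse(data, True)  # the handler's exception propagates from Parse


def parse_untrusted(data):
    """Parse XML bytes taken from an untrusted workbook part."""
    if HAVE_DEFUSEDXML:
        # defusedxml raises EntitiesForbidden (a ValueError subclass)
        # when the document declares entities.
        return SafeET.fromstring(data)
    _reject_dtd(data)
    return StdET.fromstring(data)


def is_rejected(data):
    """True when the document is refused before a tree is returned."""
    try:
        parse_untrusted(data)
    except ValueError:
        return True
    return False


# Constructed samples, not taken from a real workbook.
BENIGN = b'<workbook><sheets><sheet name="Macro1" sheetId="1"/></sheets></workbook>'
WITH_ENTITY = (b'<?xml version="1.0"?>'
               b'<!DOCTYPE workbook [<!ENTITY e "x">]>'
               b'<workbook><sheets><sheet name="&e;"/></sheets></workbook>')
```

Either path refuses `WITH_ENTITY` with a `ValueError`, so callers can handle rejection the same way whether or not defusedxml is installed.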