[flake8-bandit] Remove suspicious-lxml-import (S410) (#10154)

## Summary

The `lxml` library has been modified to address known vulnerabilities
and unsafe defaults. As such, the `defusedxml` library is no longer
necessary; `defusedxml` has deprecated its `lxml` module.

Closes https://github.com/astral-sh/ruff/issues/10030.
Charlie Marsh 2024-02-28 12:38:55 -05:00 committed by GitHub
parent 1791e7d73b
commit a1905172a8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 10 additions and 3 deletions


@ -655,7 +655,7 @@ pub fn code_to_rule(linter: Linter, code: &str) -> Option<(RuleGroup, Rule)> {
(Flake8Bandit, "407") => (RuleGroup::Preview, rules::flake8_bandit::rules::SuspiciousXmlExpatImport),
(Flake8Bandit, "408") => (RuleGroup::Preview, rules::flake8_bandit::rules::SuspiciousXmlMinidomImport),
(Flake8Bandit, "409") => (RuleGroup::Preview, rules::flake8_bandit::rules::SuspiciousXmlPulldomImport),
(Flake8Bandit, "410") => (RuleGroup::Preview, rules::flake8_bandit::rules::SuspiciousLxmlImport),
(Flake8Bandit, "410") => (RuleGroup::Removed, rules::flake8_bandit::rules::SuspiciousLxmlImport),
(Flake8Bandit, "411") => (RuleGroup::Preview, rules::flake8_bandit::rules::SuspiciousXmlrpcImport),
(Flake8Bandit, "412") => (RuleGroup::Preview, rules::flake8_bandit::rules::SuspiciousHttpoxyImport),
(Flake8Bandit, "413") => (RuleGroup::Preview, rules::flake8_bandit::rules::SuspiciousPycryptoImport),


@ -211,6 +211,12 @@ impl Violation for SuspiciousXmlPulldomImport {
}
}
/// ## Removed
/// This rule was removed as the `lxml` library has been modified to address
/// known vulnerabilities and unsafe defaults. As such, the `defusedxml`
/// library is no longer necessary, `defusedxml` has [deprecated] its `lxml`
/// module.
///
/// ## What it does
/// Checks for imports of the `lxml` module.
///
@ -223,6 +229,8 @@ impl Violation for SuspiciousXmlPulldomImport {
/// ```python
/// import lxml
/// ```
///
/// [deprecated]: https://github.com/tiran/defusedxml/blob/c7445887f5e1bcea470a16f61369d29870cfcfe1/README.md#defusedxmllxml
#[violation]
pub struct SuspiciousLxmlImport;
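Review bot: The `## Removed` paragraph added above `SuspiciousLxmlImport` says `lxml` has addressed its unsafe defaults but gives no version bound, so a reader on an older pinned `lxml` cannot tell whether the statement applies to their environment. Entity and network handling in `lxml` are also per-parser options (`resolve_entities`, `no_network`, `huge_tree`) that application code can change, which an import-level check never covered. I would add one line saying so, for example `/// This relies on current lxml defaults; code that changes parser options such as resolve_entities for untrusted XML still needs review.` Separately, "is no longer necessary, `defusedxml` has [deprecated]" is a comma splice and reads better with a semicolon. The rest of the struct's documentation lies between the two hunks and is not visible here.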

1
ruff.schema.json generated

@ -3594,7 +3594,6 @@
"S408",
"S409",
"S41",
"S410",
"S411",
"S412",
"S413",