style: Fix read-whole-file (FURB101) and write-whole-file (FURB103) #4047
@@ -572,8 +571,7 @@ | |||
|
|||
def etree_fromfile(filename): | |||
"""Create XML element tree from a given file name""" | |||
with open(filename, "r") as file_: | |||
return etree.fromstring(file_.read()) | |||
return etree.fromstring(Path(filename).read_text()) |
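Review bot: The new return line in etree_fromfile calls read_text() with no encoding argument, so decoding still depends on the locale default, exactly as the old open(filename, "r") did. For XML it is usually safer to hand the parser bytes, e.g. return etree.fromstring(Path(filename).read_bytes()), so the encoding named in the XML declaration is honored, or to pass encoding= explicitly. Since this line is being touched anyway and Bandit flags the fromstring call, decide here whether filename can ever point at data the caller does not control; if it can, switch to the defusedxml equivalent the annotation names rather than carrying the warning forward.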
Check warning
Code scanning / Bandit
Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning
@@ -1294,8 +1292,7 @@ | |||
write_xml_modules(xml_file) | |||
|
|||
# read XML file | |||
with open(xml_file, "r") as xml: | |||
tree = etree.fromstring(xml.read()) | |||
tree = etree.fromstring(Path(xml_file).read_text()) |
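Review bot: The replaced "read XML file" step parses a file that write_xml_modules(xml_file) produced on the line just above, so the input is locally generated and the Bandit finding is low risk here, but the line now repeats the body of etree_fromfile. If both hunks are in the same module, tree = etree_fromfile(xml_file) would keep a single parsing call to harden or annotate. The read_text() call also omits encoding, so it should match whatever encoding write_xml_modules writes with instead of relying on the locale default.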
Check warning
Code scanning / Bandit
Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning
Ruff rule: https://docs.astral.sh/ruff/rules/read-whole-file/ and https://docs.astral.sh/ruff/rules/write-whole-file/