Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

style: Fix read-whole-file (FURB101) and write-whole-file (FURB103) #4047

Merged
merged 3 commits into from
Jul 13, 2024
Merged

style: Fix read-whole-file (FURB101) and write-whole-file (FURB103) #4047

merged 3 commits into from
Jul 13, 2024

Conversation

echoix
Copy link
Member

@echoix echoix commented Jul 13, 2024

@echoix echoix added this to the 8.5.0 milestone Jul 13, 2024
@echoix echoix requested a review from ninsbl July 13, 2024 21:45
@github-actions github-actions bot added GUI wxGUI related vector Related to vector data processing raster Related to raster data processing temporal Related to temporal data processing Python Related code is in Python libraries module docs general display tests Related to Test Suite notebook labels Jul 13, 2024
github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 13, 2024
View reviewed changes
scripts/g.extension/g.extension.py
@@ -572,8 +571,7 @@

def etree_fromfile(filename):
"""Create XML element tree from a given file name"""
with open(filename, "r") as file_:
return etree.fromstring(file_.read())
return etree.fromstring(Path(filename).read_text())

Check warning

Code scanning / Bandit

Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning

Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
scripts/g.extension/g.extension.py
@@ -1294,8 +1292,7 @@
write_xml_modules(xml_file)

# read XML file
with open(xml_file, "r") as xml:
tree = etree.fromstring(xml.read())
tree = etree.fromstring(Path(xml_file).read_text())

Check warning

Code scanning / Bandit

Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning

Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
@echoix echoix enabled auto-merge (squash) July 13, 2024 22:37
@echoix echoix merged commit 7695805 into OSGeo:main Jul 13, 2024
28 checks passed
@echoix echoix deleted the fix-read-whole-file-write-whole-file branch July 13, 2024 22:53
@a0x8o a0x8o mentioned this pull request Jul 19, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ninsbl ninsbl ninsbl approved these changes

Assignees
No one assigned
Labels
display docs general GUI wxGUI related libraries module notebook Python Related code is in Python raster Related to raster data processing temporal Related to temporal data processing tests Related to Test Suite vector Related to vector data processing
Projects
None yet
Milestone
8.5.0
Development

Successfully merging this pull request may close these issues.
2 participants
@echoix @ninsbl