CI(deps): Update ruff to v0.6.1 #4184

Merged
merged 3 commits into from
Aug 17, 2024
2 changes: 1 addition & 1 deletion .github/workflows/python-code-quality.yml
Expand Up @@ -36,7 +36,7 @@
# renovate: datasource=pypi depName=bandit
BANDIT_VERSION: "1.7.9"
# renovate: datasource=pypi depName=ruff
RUFF_VERSION: "0.5.7"
RUFF_VERSION: "0.6.1"

runs-on: ${{ matrix.os }}
permissions:
Expand Down Expand Up @@ -146,7 +146,7 @@
- name: Set number of cores for compilation
run: |
echo "MAKEFLAGS=-j$(nproc)" >> $GITHUB_ENV

Check warning on line 149 in .github/workflows/python-code-quality.yml


GitHub Actions / Python Code Quality Checks (ubuntu-22.04)

Temporarily downgraded pytest-pylint and pytest to allow merging other PRs. The errors reported with a newer version seem legitimite and should be fixed (2023-10-18, see https://github.com/OSGeo/grass/pull/3205) (2024-01-28, see https://github.com/OSGeo/grass/issues/3380)
- uses: rui314/setup-mold@0bf4f07ef9048ec62a45f9dbf2f098afa49695f0 # v1
- name: Build
run: .github/workflows/build_${{ matrix.os }}.sh $HOME/install
Expand Down
3 changes: 1 addition & 2 deletions .pre-commit-config.yaml
Expand Up @@ -37,11 +37,10 @@ repos:
)
- repo: https://github.com/astral-sh/ruff-pre-commit
# Ruff version.
rev: v0.5.7
rev: v0.6.1
hooks:
# Run the linter.
- id: ruff
types_or: [python, pyi, jupyter]
args: [--fix, --preview]
- repo: https://github.com/igorshubovych/markdownlint-cli
rev: v0.41.0
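Review bot: `rev: v0.6.1` on the ruff-pre-commit repo is a tag, and tags can be moved, so the hook that runs with `--fix` on contributors' machines is not pinned to immutable content. The workflow file in this same PR pins `rui314/setup-mold` to a full commit SHA with the version as a trailing comment; doing the same here (`pre-commit autoupdate --freeze` writes that form) would make the two consistent. Separately, `args: [--fix, --preview]` means every version bump can change which preview rules and autofixes run, so the PR description should say what changed for this repo between 0.5.7 and 0.6.1.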
Expand Down
4 changes: 2 additions & 2 deletions gui/wxpython/animation/nviztask.py
Expand Up @@ -14,7 +14,7 @@
@author Anna Petrasova <kratochanna gmail.com>
"""

import xml.etree.ElementTree as etree
import xml.etree.ElementTree as ET

Check notice

Code scanning / Bandit

Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called. Note


from core.workspace import ProcessWorkspaceFile
from core.gcmd import RunCommand, GException
Expand All @@ -33,7 +33,7 @@
self.task = gtask.grassTask("m.nviz.image")
self.filename = filename
try:
gxwXml = ProcessWorkspaceFile(etree.parse(self.filename))
gxwXml = ProcessWorkspaceFile(ET.parse(self.filename))

Check warning

Code scanning / Bandit

Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning

except Exception:
raise GException(
_(
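Review bot: `ET.parse(self.filename)` still goes through the stdlib parser, so the Bandit warning on this line is unchanged by the alias rename, and the input is a workspace file (`ProcessWorkspaceFile`), which may come from outside the installation. If the rename is all this PR intends, say so in the description and track the parser question separately; otherwise use `defusedxml.ElementTree.parse` here, keeping in mind that the `except Exception` below would then also fold defusedxml's rejections into the generic GException message.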
Expand Down
4 changes: 2 additions & 2 deletions gui/wxpython/core/menutree.py
Expand Up @@ -36,7 +36,7 @@
import os
import sys
import copy
import xml.etree.ElementTree as etree
import xml.etree.ElementTree as ET

Check notice

Code scanning / Bandit

Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called. Note


import wx

Expand All @@ -62,7 +62,7 @@
group="appearance", key="menustyle", subkey="selection"
)

xmlTree = etree.parse(filename)
xmlTree = ET.parse(filename)

Check warning

Code scanning / Bandit

Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning

if expandAddons:
expAddons(xmlTree)
for message in getToolboxMessages():
Expand Down
56 changes: 28 additions & 28 deletions gui/wxpython/core/toolboxes.py
Expand Up @@ -17,15 +17,15 @@
import sys
import copy
import shutil
import xml.etree.ElementTree as etree
import xml.etree.ElementTree as ET

Check notice

Code scanning / Bandit

Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called. Note

from xml.parsers import expat

import grass.script.task as gtask
import grass.script.core as gcore
from grass.script.utils import try_remove, decode
from grass.exceptions import ScriptError, CalledModuleError

ETREE_EXCEPTIONS = (etree.ParseError, expat.ExpatError)
ETREE_EXCEPTIONS = (ET.ParseError, expat.ExpatError)

# duplicating code from core/globalvar.py
# if this will become part of grass Python library or module, this should be
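Review bot: `ETREE_EXCEPTIONS = (ET.ParseError, expat.ExpatError)` covers only stdlib parser errors, and `validate_file` further down in this file catches nothing else around its `ET.parse(filename)` call. If the parse calls are later moved to the defusedxml equivalents that Bandit recommends, a document rejected for declaring entities raises a defusedxml exception (a `ValueError` subclass) that this tuple would not catch, so the tuple needs extending in the same change. A comment next to the definition saying so would help whoever makes that switch.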
Expand Down Expand Up @@ -270,19 +270,19 @@
:return: ElementTree instance
"""
if userDefined and userRootFile:
mainMenu = etree.parse(userRootFile)
mainMenu = ET.parse(userRootFile)

Check warning

Code scanning / Bandit

Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning

else:
mainMenu = etree.parse(distributionRootFile)
mainMenu = ET.parse(distributionRootFile)

Check warning

Code scanning / Bandit

Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning


toolboxes = etree.parse(toolboxesFile)
toolboxes = ET.parse(toolboxesFile)

Check warning

Code scanning / Bandit

Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning


if userDefined and _getUserToolboxesFile():
userToolboxes = etree.parse(_getUserToolboxesFile())
userToolboxes = ET.parse(_getUserToolboxesFile())

Check warning

Code scanning / Bandit

Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning

else:
userToolboxes = None

wxguiItems = etree.parse(wxguiItemsFile)
moduleItems = etree.parse(moduleItemsFile)
wxguiItems = ET.parse(wxguiItemsFile)

Check warning

Code scanning / Bandit

Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning

moduleItems = ET.parse(moduleItemsFile)

Check warning

Code scanning / Bandit

Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning


return toolboxes2menudata(
mainMenu=mainMenu,
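Review bot: the parse calls in this hunk mix two trust levels: `userRootFile` and `_getUserToolboxesFile()` are user-side files, while `distributionRootFile`, `toolboxesFile`, `wxguiItemsFile` and `moduleItemsFile` read like files shipped with the install, yet Bandit reports all six identically. Rather than leaving six open warnings, route the user-side parses through a hardened parser (defusedxml, as the annotation suggests) and mark the distribution-file parses with a `# nosec` comment that states the reason, so the findings that remain are meaningful.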
Expand Down Expand Up @@ -463,11 +463,11 @@
for n in node.findall("./items/user-toolboxes-list"):
items = node.find("./items")
idx = list(items).index(n)
el = etree.Element("toolbox", attrib={"name": "GeneratedUserToolboxesList"})
el = ET.Element("toolbox", attrib={"name": "GeneratedUserToolboxesList"})
items.insert(idx, el)
label = etree.SubElement(el, "label")
label = ET.SubElement(el, "label")
label.text = _("Custom toolboxes")
it = etree.SubElement(el, "items")
it = ET.SubElement(el, "items")
for toolbox in tboxes:
it.append(copy.deepcopy(toolbox))
items.remove(n)
Expand Down Expand Up @@ -551,15 +551,15 @@
idx = list(items).index(n)
# do not set name since it is already in menudata file
# attib={'name': 'AddonsList'}
el = etree.Element("menu")
el = ET.Element("menu")
items.insert(idx, el)
label = etree.SubElement(el, "label")
label = ET.SubElement(el, "label")
label.text = _("Addons")
it = etree.SubElement(el, "items")
it = ET.SubElement(el, "items")
for addon in addons:
addonItem = etree.SubElement(it, "module-item")
addonItem = ET.SubElement(it, "module-item")
addonItem.attrib = {"name": addon}
addonLabel = etree.SubElement(addonItem, "label")
addonLabel = ET.SubElement(addonItem, "label")
addonLabel.text = addon
items.remove(n)

Expand Down Expand Up @@ -613,7 +613,7 @@
for module in modules:
name = module.get("name")
if module.find("module") is None:
n = etree.SubElement(module, "module")
n = ET.SubElement(module, "module")
n.text = name

if module.find("description") is None:
Expand All @@ -627,9 +627,9 @@
desc, keywords = _("Module not installed"), ""
else:
desc, keywords = "", ""
n = etree.SubElement(module, "description")
n = ET.SubElement(module, "description")
n.text = _escapeXML(desc)
n = etree.SubElement(module, "keywords")
n = ET.SubElement(module, "keywords")
n.text = _escapeXML(",".join(keywords))

if hasErrors:
Expand Down Expand Up @@ -672,13 +672,13 @@
"""Add missing handlers to modules"""
for n in node.findall(".//module-item"):
if n.find("handler") is None:
handlerNode = etree.SubElement(n, "handler")
handlerNode = ET.SubElement(n, "handler")
handlerNode.text = "OnMenuCmd"

# e.g. g.region -p
for n in node.findall(".//wxgui-item"):
if n.find("command") is not None:
handlerNode = etree.SubElement(n, "handler")
handlerNode = ET.SubElement(n, "handler")
handlerNode.text = "RunMenuCmd"


Expand Down Expand Up @@ -751,7 +751,7 @@

:return: XML as string
"""
xml = etree.tostring(root, encoding="UTF-8")
xml = ET.tostring(root, encoding="UTF-8")
return xml.replace(
b"<?xml version='1.0' encoding='UTF-8'?>\n",
b"<?xml version='1.0' encoding='UTF-8'?>\n"
Expand Down Expand Up @@ -820,12 +820,12 @@
wxguiItemsFile = os.path.join(WXGUIDIR, "xml", "wxgui_items.xml")
moduleItemsFile = os.path.join(WXGUIDIR, "xml", "module_items.xml")

toolboxes = etree.parse(toolboxesFile)
userToolboxes = etree.parse(userToolboxesFile)
menu = etree.parse(menuFile)
toolboxes = ET.parse(toolboxesFile)

Check warning

Code scanning / Bandit

Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning

userToolboxes = ET.parse(userToolboxesFile)

Check warning

Code scanning / Bandit

Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning

menu = ET.parse(menuFile)

Check warning

Code scanning / Bandit

Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning


wxguiItems = etree.parse(wxguiItemsFile)
moduleItems = etree.parse(moduleItemsFile)
wxguiItems = ET.parse(wxguiItemsFile)

Check warning

Code scanning / Bandit

Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning

moduleItems = ET.parse(moduleItemsFile)

Check warning

Code scanning / Bandit

Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning


tree = toolboxes2menudata(
mainMenu=menu,
Expand Down Expand Up @@ -868,7 +868,7 @@

def validate_file(filename):
try:
etree.parse(filename)
ET.parse(filename)

Check warning

Code scanning / Bandit

Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning

except ETREE_EXCEPTIONS as error:
print(
"XML file <{name}> is not well formed: {error}".format(
Expand Down
4 changes: 2 additions & 2 deletions gui/wxpython/gmodeler/model.py
Expand Up @@ -38,7 +38,7 @@
import mimetypes
import time

import xml.etree.ElementTree as etree
import xml.etree.ElementTree as ET

Check notice

Code scanning / Bandit

Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called. Note

from xml.sax import saxutils

import wx
Expand Down Expand Up @@ -323,7 +323,7 @@
"""
# parse workspace file
try:
gxmXml = ProcessModelFile(etree.parse(filename))
gxmXml = ProcessModelFile(ET.parse(filename))

Check warning

Code scanning / Bandit

Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning

except Exception as e:
raise GException("{}".format(e))

Expand Down
4 changes: 2 additions & 2 deletions gui/wxpython/gui_core/forms.py
Expand Up @@ -65,7 +65,7 @@
import wx.lib.filebrowsebutton as filebrowse
from wx.lib.newevent import NewEvent

import xml.etree.ElementTree as etree
import xml.etree.ElementTree as ET

Check notice

Code scanning / Bandit

Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called. Note


# needed when started from command line and for testing
if __name__ == "__main__":
Expand Down Expand Up @@ -3221,7 +3221,7 @@
"""
# parse the interface description
if not self.grass_task:
tree = etree.fromstring(gtask.get_interface_description(cmd))
tree = ET.fromstring(gtask.get_interface_description(cmd))

Check warning

Code scanning / Bandit

Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning

self.grass_task = gtask.processTask(tree).get_task()

for p in self.grass_task.params:
Expand Down
4 changes: 2 additions & 2 deletions gui/wxpython/lmgr/workspace.py
Expand Up @@ -16,7 +16,7 @@
import os
import tempfile

import xml.etree.ElementTree as etree
import xml.etree.ElementTree as ET

Check notice

Code scanning / Bandit

Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called. Note


import wx
import wx.aui
Expand Down Expand Up @@ -171,7 +171,7 @@
"""
# parse workspace file
try:
gxwXml = ProcessWorkspaceFile(etree.parse(filename))
gxwXml = ProcessWorkspaceFile(ET.parse(filename))

Check warning

Code scanning / Bandit

Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning

except Exception as e:
GError(
parent=self.lmgr,
Expand Down
4 changes: 2 additions & 2 deletions gui/wxpython/tools/update_menudata.py
Expand Up @@ -23,7 +23,7 @@
import sys
import tempfile

import xml.etree.ElementTree as etree
import xml.etree.ElementTree as ET

Check notice

Code scanning / Bandit

Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called. Note


from grass.script import core as grass
from grass.script import task as gtask
Expand Down Expand Up @@ -97,7 +97,7 @@
grass.warning("%s: keywords missing" % module)
else:
if node.find("keywords") is None:
node.insert(2, etree.Element("keywords"))
node.insert(2, ET.Element("keywords"))
grass.warning("Adding tag 'keywords' to '%s'" % module)
node.find("keywords").text = ",".join(modules[module]["keywords"])

Expand Down
4 changes: 1 addition & 3 deletions pyproject.toml
Expand Up @@ -14,14 +14,12 @@ extend-exclude = '''
'''

[tool.ruff]
required-version = ">=0.5.0"
required-version = ">=0.6.0"

builtins = ["_"]

# In addition to the standard set of exclusions, omit the following files or folders.
extend-exclude = ["python/libgrass_interface_generator"]
# In addition to the standard set of inclusions, include `.ipynb` files.
extend-include = ["*.ipynb"]

[tool.ruff.lint]
# See https://docs.astral.sh/ruff/rules/
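Review bot: if the two extra deletions counted for this hunk are the `extend-include = ["*.ipynb"]` line and its comment, that removal is only correct on ruff 0.6 and later, where notebooks are included by default, and the `required-version = ">=0.6.0"` bump is what enforces it; a one-line comment tying the two together would stop someone from lowering the bound later. This is also a lower bound only, while the workflow and the pre-commit config pin 0.6.1 exactly, so local runs with a newer ruff can disagree with CI.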
Expand Down
6 changes: 3 additions & 3 deletions python/grass/gunittest/reporters.py
Expand Up @@ -13,7 +13,7 @@
import datetime
from pathlib import Path
from xml.sax import saxutils
import xml.etree.ElementTree as et
import xml.etree.ElementTree as ET

Check notice

Code scanning / Bandit

Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called. Note

import subprocess
import collections
import re
Expand Down Expand Up @@ -199,7 +199,7 @@
rc = p.poll()
info = {}
if not rc:
root = et.fromstring(stdout)
root = ET.fromstring(stdout)

Check warning

Code scanning / Bandit

Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning

# TODO: get also date if this make sense
# expecting only one <entry> element
entry = root.find("entry")
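Review bot: `root = ET.fromstring(stdout)` runs on whatever the subprocess printed whenever `rc` is zero, and the next visible line calls `root.find("entry")` under the comment "expecting only one <entry> element"; nothing in the visible lines handles `ET.ParseError` or a `None` result from `find`. A reporter should degrade to an empty `info` rather than fail the run, so guard both cases here.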
Expand Down Expand Up @@ -257,7 +257,7 @@
stdout, stderr = p.communicate()
rc = p.poll()
if not rc:
root = et.fromstring(stdout)
root = ET.fromstring(stdout)

Check warning

Code scanning / Bandit

Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning

# TODO: get also date if this make sense
# expecting only one <entry> element
author_nodes = root.iterfind("*/author")
Expand Down
8 changes: 4 additions & 4 deletions python/grass/script/task.py
Expand Up @@ -21,14 +21,14 @@
import os
import re
import sys
import xml.etree.ElementTree as etree
import xml.etree.ElementTree as ET

Check notice

Code scanning / Bandit

Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called. Note

from xml.parsers import expat

from grass.exceptions import ScriptError
from .utils import decode, split
from .core import Popen, PIPE, get_real_command

ETREE_EXCEPTIONS = (etree.ParseError, expat.ExpatError)
ETREE_EXCEPTIONS = (ET.ParseError, expat.ExpatError)


class grassTask:
Expand Down Expand Up @@ -63,7 +63,7 @@
if path is not None:
try:
processTask(
tree=etree.fromstring(get_interface_description(path)), task=self
tree=ET.fromstring(get_interface_description(path)), task=self

Check warning

Code scanning / Bandit

Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning

)
except ScriptError as e:
self.errorMsg = e.value
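Review bot: the only handler visible around `ET.fromstring(get_interface_description(path))` is `except ScriptError`, so a malformed interface description that raises `ET.ParseError` would not end up in `self.errorMsg` here. The later hunk in this file wraps the same call in `except ETREE_EXCEPTIONS` and re-raises as ScriptError; adding `ETREE_EXCEPTIONS` to this handler, or going through that wrapped path, would make the two call sites behave the same.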
Expand Down Expand Up @@ -523,7 +523,7 @@
:param blackList:
"""
try:
tree = etree.fromstring(get_interface_description(name))
tree = ET.fromstring(get_interface_description(name))

Check warning

Code scanning / Bandit

Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning

except ETREE_EXCEPTIONS as error:
raise ScriptError(
_("Cannot parse interface description of<{name}> module: {error}").format(
Expand Down
6 changes: 3 additions & 3 deletions scripts/g.extension.all/g.extension.all.py
Expand Up @@ -41,7 +41,7 @@
import re
import sys

import xml.etree.ElementTree as etree
import xml.etree.ElementTree as ET

Check notice

Code scanning / Bandit

Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called. Note


from urllib import request as urlrequest
from urllib.error import HTTPError, URLError
Expand All @@ -66,7 +66,7 @@
# read XML file
fo = open(fXML, "r")
try:
tree = etree.fromstring(fo.read())
tree = ET.fromstring(fo.read())

Check warning

Code scanning / Bandit

Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning

except Exception as e:
gs.error(_("Unable to parse metadata file: %s") % e)
fo.close()
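Review bot: `fo = open(fXML, "r")` depends on control flow reaching the explicit `fo.close()` after the try/except, which is easy to break when this block is next edited. Since the `ET.fromstring(fo.read())` line is being touched anyway, wrapping it in `with open(fXML) as fo:` closes the handle on every path and removes the separate close call.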
Expand Down Expand Up @@ -184,7 +184,7 @@
url=url,
response_format="application/xml",
)
tree = etree.fromstring(response.read())
tree = ET.fromstring(response.read())

Check warning

Code scanning / Bandit

Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called Warning

result = []
for addon in addons:
found = False
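Review bot: `ET.fromstring(response.read())` parses a body fetched from `url` with `response_format="application/xml"`, which makes this the call site in the PR where Bandit's "untrusted XML" warning applies most directly, and `response.read()` is unbounded. Suggest `defusedxml.ElementTree.fromstring` here plus a size cap on the read (read one byte past a limit of your choosing and reject the response if it is longer), independent of the alias rename.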
Expand Down