From ebf2b8e6725d0238fac53c2edaa12b0fae7903c1 Mon Sep 17 00:00:00 2001
From: Kira
Date: Thu, 14 Mar 2024 13:38:43 +0800
Subject: [PATCH] update B405 rules

make B405 rules more specific. Because not all in the module is related to parse xml. Some of them is needed for typing, for example Element.

---
 bandit/blacklists/imports.py | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/bandit/blacklists/imports.py b/bandit/blacklists/imports.py
index 58dfcb3c7..deb6503a7 100644
--- a/bandit/blacklists/imports.py
+++ b/bandit/blacklists/imports.py
@@ -74,7 +74,10 @@
 | ID | Name | Imports | Severity |
 +======+=====================+====================================+===========+
 | B405 | import_xml_etree | - xml.etree.cElementTree | low |
-| | | - xml.etree.ElementTree | |
+| | | - xml.etree.ElementTree.XMLParser | |
+| | | - xml.etree.ElementTree.fromstring | |
+| | | - xml.etree.ElementTree.iterparse | |
+| | | - xml.etree.ElementTree.parse | |
 +------+---------------------+------------------------------------+-----------+

 B406: import_xml_sax
@@ -308,7 +311,13 @@ def gen_blacklist():
 "import_xml_etree",
 "B405",
 issue.Cwe.IMPROPER_INPUT_VALIDATION,
-["xml.etree.cElementTree", "xml.etree.ElementTree"],
+[ "xml.etree.cElementTree", "xml.etree.ElementTree.XMLParser", "xml.etree.ElementTree.fromstring", "xml.etree.ElementTree.iterparse", "xml.etree.ElementTree.parse",
+],
 xml_msg,
 "LOW",
 )
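Review bot: The narrowed B405 list in the `gen_blacklist` hunk stops at four names, but `xml.etree.ElementTree` exposes other entry points that parse attacker-supplied text in exactly the same way — `XML` (documented as the same as `fromstring`), `XMLID`, `fromstringlist` and `XMLPullParser` — so `from xml.etree.ElementTree import XML` now passes B405 silently, and the docstring table in the first hunk needs the same rows. Whether a plain `import xml.etree.ElementTree as ET` is still reported depends on how the import blacklist matches names, which this hunk does not show; if it matches on the exact qualified name, that most common import form is no longer flagged here at all and only a call-level check can catch the later `ET.parse(...)`, so the B405 docstring should say so explicitly, e.g. `Only the parser entry points are listed; bare module imports and the ElementTree.parse() method are left to the call blacklist` (confirm against the call blacklist before wording it as fact). Importing the `ElementTree` class and calling its `.parse()` method cannot be expressed in an import-name list at all, which is another reason to document the gap rather than leave it implied. `gen_blacklist` begins and ends outside this hunk.
```python
            # … unchanged: cElementTree, XMLParser, fromstring, iterparse, parse entries …
            "xml.etree.ElementTree.XML",
            "xml.etree.ElementTree.XMLID",
            "xml.etree.ElementTree.XMLPullParser",
            "xml.etree.ElementTree.fromstringlist",
        ],
```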