[flake8-bandit] Deprecate suspicious-xmle-tree-usage (S320)
#16680
+10
−2
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
MichaReiser
added
breaking
MichaReiser
commented
Mar 12, 2025
| /// so a top-level `logging.py` or `logging/__init__.py` will clash with the builtin `logging` | ||
| /// module, but `utils/logging.py`, for example, will not. With the | ||
| /// [`lint.flake8-builtins.builtins-strict-checking`] option set to `true`, only the last component | ||
| /// [`lint.flake8-builtins.strict-checking`] option set to `true`, only the last component |
Member
Author
There was a problem hiding this comment.
This is an unrelated run-by fix. It still referenced the old option name.
CodSpeed Performance ReportMerging #16680 will degrade performances by 4.61%Comparing Summary
Benchmarks breakdown
|
Contributor
|
| code | total | + violation | - violation | + fix | - fix |
|---|---|---|---|---|---|
| S320 | 1 | 0 | 1 | 0 | 0 |
Linter (preview)
ℹ️ ecosystem check detected linter changes. (+0 -1 violations, +0 -0 fixes in 1 projects; 54 projects unchanged)
apache/airflow (+0 -1 violations, +0 -0 fixes)
ruff check --no-cache --exit-zero --ignore RUF9 --no-fix --output-format concise --preview --select ALL
- providers/amazon/src/airflow/providers/amazon/aws/hooks/base_aws.py:395:15: S320 Using `lxml` to parse untrusted data is known to be vulnerable to XML attacks
Changes by rule (1 rules affected)
| code | total | + violation | - violation | + fix | - fix |
|---|---|---|---|---|---|
| S320 | 1 | 0 | 1 | 0 | 0 |
ntBre
approved these changes
Mar 12, 2025
MichaReiser
added a commit
that referenced
this pull request
Mar 13, 2025
…6680) ## Summary Deprecate `S320` because defusedxml has deprecated there `lxml` module and `lxml` has been hardened since. flake8-bandit has removed their implementation as well (PyCQA/bandit#1212). Addresses #13707 ## Test Plan I verified that selecting `S320` prints a warning and fails if the preview mode is enabled.
MichaReiser
added a commit
that referenced
this pull request
Mar 13, 2025
…6680) ## Summary Deprecate `S320` because defusedxml has deprecated there `lxml` module and `lxml` has been hardened since. flake8-bandit has removed their implementation as well (PyCQA/bandit#1212). Addresses #13707 ## Test Plan I verified that selecting `S320` prints a warning and fails if the preview mode is enabled.
dcreager
added a commit
that referenced
this pull request
Mar 14, 2025
* main: (53 commits) [syntax-errors] Tuple unpacking in `for` statement iterator clause before Python 3.9 (#16558) Ruff v0.10 Release (#16708) Add new `noqa` specification to the docs (#16703) describe requires-python fallback in docs (#16704) [red-knot] handle cycles in MRO/bases resolution (#16693) [red-knot] Auto generate statement nodes (#16645) [`pylint`] Better inference for `str.strip` (`PLE310`) (#16671) [`pylint`] Improve `repeated-equality-comparison` fix to use a `set` when all elements are hashable (`PLR1714`) (#16685) [`pylint`/`pep8-naming`] Check `__new__` argument name in `bad-staticmethod-argument` and not `invalid-first-argument-name-for-class-method` (`PLW0211`/`N804`) (#16676) [`flake8-pyi`] Stabilize fix for `unused-private-type-var` (`PYI018`) (#16682) [`flake8-bandit`] Deprecate `suspicious-xmle-tree-usage` (`S320`) (#16680) [`flake8-simplify`] Avoid double negation in fixes (`SIM103`) (#16684) [`pyupgrade`]: Improve diagnostic range for `redundant-open-mode` (`UP015`) (#16672) Consider all `TYPE_CHECKING` symbols for type-checking blocks (#16669) [`pep8-naming`]: Ignore methods decorated with `@typing.override` (`invalid-argument-name`) (#16667) Stabilize FURB169 preview behavior (#16666) [`pylint`] Detect invalid default value type for `os.environ.get` (`PLW1508`) (#16674) [`flake8-pytest-style`] Allow for loops with empty bodies (`PT012`, `PT031`) (#16678) [`pyupgrade`]: Deprecate `non-pep604-isinstance` (`UP038`) (#16681) [`flake8-type-checking`] Stabilize `runtime-cast-value` (`TC006`) (#16637) ...
ntBre
added a commit
that referenced
this pull request
Jun 12, 2025
ntBre
added a commit
that referenced
this pull request
Jun 12, 2025
ntBre
added a commit
that referenced
this pull request
Jun 16, 2025
ntBre
added a commit
that referenced
this pull request
Jun 17, 2025
ntBre
added a commit
that referenced
this pull request
Jun 17, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Deprecate
S320because defusedxml has deprecated therelxmlmodule andlxmlhas been hardened since.flake8-bandit has removed their implementation as well (PyCQA/bandit#1212).
Addresses #13707
Test Plan
I verified that selecting
S320prints a warning and fails if the preview mode is enabled.