From 98d176734149b9966d35674c99cf5796739b7221 Mon Sep 17 00:00:00 2001 From: Micha Reiser Date: Wed, 12 Mar 2025 15:49:00 +0100 Subject: [PATCH] [`flake8-bandit`] Deprecate `suspicious-xmle-tree-usage` (`S320`) --- crates/ruff_linter/src/codes.rs | 2 +- .../rules/flake8_bandit/rules/suspicious_function_call.rs | 8 ++++++++ .../flake8_builtins/rules/stdlib_module_shadowing.rs | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/crates/ruff_linter/src/codes.rs b/crates/ruff_linter/src/codes.rs index bc6beca498700..1c7033c214d07 100644 --- a/crates/ruff_linter/src/codes.rs +++ b/crates/ruff_linter/src/codes.rs @@ -649,7 +649,7 @@ pub fn code_to_rule(linter: Linter, code: &str) -> Option<(RuleGroup, Rule)> { (Flake8Bandit, "317") => (RuleGroup::Stable, rules::flake8_bandit::rules::SuspiciousXMLSaxUsage), (Flake8Bandit, "318") => (RuleGroup::Stable, rules::flake8_bandit::rules::SuspiciousXMLMiniDOMUsage), (Flake8Bandit, "319") => (RuleGroup::Stable, rules::flake8_bandit::rules::SuspiciousXMLPullDOMUsage), - (Flake8Bandit, "320") => (RuleGroup::Stable, rules::flake8_bandit::rules::SuspiciousXMLETreeUsage), + (Flake8Bandit, "320") => (RuleGroup::Deprecated, rules::flake8_bandit::rules::SuspiciousXMLETreeUsage), (Flake8Bandit, "321") => (RuleGroup::Stable, rules::flake8_bandit::rules::SuspiciousFTPLibUsage), (Flake8Bandit, "323") => (RuleGroup::Stable, rules::flake8_bandit::rules::SuspiciousUnverifiedContextUsage), (Flake8Bandit, "324") => (RuleGroup::Stable, rules::flake8_bandit::rules::HashlibInsecureHashFunction), diff --git a/crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_function_call.rs b/crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_function_call.rs index bc4e50d1e585c..08b20a1fdf2c0 100644 --- a/crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_function_call.rs +++ b/crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_function_call.rs @@ -779,6 +779,13 @@ impl Violation for SuspiciousXMLPullDOMUsage { } } +/// ## Deprecation +/// +/// This rule was deprecated as the `lxml` library has been modified to address +/// known vulnerabilities and unsafe defaults. As such, the `defusedxml` +/// library is no longer necessary, `defusedxml` has [deprecated] its `lxml` +/// module. +/// /// ## What it does /// Checks for uses of insecure XML parsers. /// @@ -802,6 +809,7 @@ impl Violation for SuspiciousXMLPullDOMUsage { /// - [Common Weakness Enumeration: CWE-776](https://cwe.mitre.org/data/definitions/776.html) /// /// [preview]: https://docs.astral.sh/ruff/preview/ +/// [deprecated]: https://pypi.org/project/defusedxml/0.8.0rc2/#defusedxml-lxml #[derive(ViolationMetadata)] pub(crate) struct SuspiciousXMLETreeUsage; diff --git a/crates/ruff_linter/src/rules/flake8_builtins/rules/stdlib_module_shadowing.rs b/crates/ruff_linter/src/rules/flake8_builtins/rules/stdlib_module_shadowing.rs index b26369d0f3862..42cf7c5c07074 100644 --- a/crates/ruff_linter/src/rules/flake8_builtins/rules/stdlib_module_shadowing.rs +++ b/crates/ruff_linter/src/rules/flake8_builtins/rules/stdlib_module_shadowing.rs @@ -26,7 +26,7 @@ use crate::settings::LinterSettings; /// By default, the module path relative to the project root or [`src`] directories is considered, /// so a top-level `logging.py` or `logging/__init__.py` will clash with the builtin `logging` /// module, but `utils/logging.py`, for example, will not. With the -/// [`lint.flake8-builtins.builtins-strict-checking`] option set to `true`, only the last component +/// [`lint.flake8-builtins.strict-checking`] option set to `true`, only the last component /// of the module name is considered, so `logging.py`, `utils/logging.py`, and /// `utils/logging/__init__.py` will all trigger the rule. ///