From 7fb8cc7dc71389e93240ca14bdbe9d0d02ff788a Mon Sep 17 00:00:00 2001
From: clavedeluna
Date: Mon, 26 Feb 2024 08:28:12 -0300
Subject: [PATCH 1/3] testing sonarcloud
---
 .pre-commit-config.yaml | 1 +
 src/core_codemods/one.py | 5 +++++
 src/core_codemods/two.py | 5 +++++
 3 files changed, 11 insertions(+)
 create mode 100644 src/core_codemods/one.py
 create mode 100644 src/core_codemods/two.py
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 9fcfac45..2699c024 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -38,6 +38,7 @@ repos:
 "types-PyYAML==6.0",
 "types-toml~=0.10",
 "types-requests~=2.13",
+ "lxml-stubs",
 ]
 - repo: https://github.com/astral-sh/ruff-pre-commit
 rev: v0.2.2
diff --git a/src/core_codemods/one.py b/src/core_codemods/one.py
new file mode 100644
index 00000000..c69ce910
--- /dev/null
+++ b/src/core_codemods/one.py
@@ -0,0 +1,5 @@
+from lxml import etree
+
+parser = etree.XMLParser()
+tree = etree.parse("xxe.xml", parser)
+root = tree.getroot()
diff --git a/src/core_codemods/two.py b/src/core_codemods/two.py
new file mode 100644
index 00000000..a1f5c66a
--- /dev/null
+++ b/src/core_codemods/two.py
@@ -0,0 +1,5 @@
+import lxml.etree
+
+parser = lxml.etree.XMLParser()
+tree = lxml.etree.parse("xxe.xml", parser)
+root = tree.getroot()
From d08db1a6eab1caf655b0ea1d57371ca03664e803 Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Mon, 26 Feb 2024 11:33:32 +0000
Subject: [PATCH 2/3] Use Safe Defaults for `lxml` Parsers
---
 src/core_codemods/one.py | 2 +-
 src/core_codemods/two.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/core_codemods/one.py b/src/core_codemods/one.py
index c69ce910..7396065f 100644
--- a/src/core_codemods/one.py
+++ b/src/core_codemods/one.py
@@ -1,5 +1,5 @@
 from lxml import etree
 
-parser = etree.XMLParser()
+parser = etree.XMLParser(resolve_entities=False)
 tree = etree.parse("xxe.xml", parser)
 root = tree.getroot()
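Review bot: The new one.py runs `tree = etree.parse("xxe.xml", parser)` as a module-level statement, so merely importing `core_codemods.one` reads a path relative to the current working directory and raises `OSError` when `xxe.xml` is not there; the new two.py in this patch has the same shape. The subject suggests these are fixtures for scanner testing, in which case they would be better placed under a test-data directory than inside the `src/core_codemods` package, or at least wrapped in a function so the parse does not happen at import time. Note too that `etree.XMLParser()` is constructed with lxml's default of `resolve_entities=True`, which the next patch in this series changes.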
diff --git a/src/core_codemods/two.py b/src/core_codemods/two.py
index a1f5c66a..dd363dca 100644
--- a/src/core_codemods/two.py
+++ b/src/core_codemods/two.py
@@ -1,5 +1,5 @@
 import lxml.etree
 
-parser = lxml.etree.XMLParser()
+parser = lxml.etree.XMLParser(resolve_entities=False)
 tree = lxml.etree.parse("xxe.xml", parser)
 root = tree.getroot()
From 1c4335cdb46a0308d996af25044dd800fe2bc1ff Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Mon, 26 Feb 2024 11:33:33 +0000
Subject: [PATCH 3/3] Use Safe Parsers in `lxml` Parsing Functions
---
 src/core_codemods/one.py | 3 ++-
 src/core_codemods/two.py | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/core_codemods/one.py b/src/core_codemods/one.py
index 7396065f..075c1cd7 100644
--- a/src/core_codemods/one.py
+++ b/src/core_codemods/one.py
@@ -1,5 +1,6 @@
 from lxml import etree
+import lxml.etree
 
 parser = etree.XMLParser(resolve_entities=False)
-tree = etree.parse("xxe.xml", parser)
+tree = etree.parse("xxe.xml", parser, parser=lxml.etree.XMLParser(resolve_entities=False))
 root = tree.getroot()
diff --git a/src/core_codemods/two.py b/src/core_codemods/two.py
index dd363dca..16b528fe 100644
--- a/src/core_codemods/two.py
+++ b/src/core_codemods/two.py
@@ -1,5 +1,5 @@
 import lxml.etree
 
 parser = lxml.etree.XMLParser(resolve_entities=False)
-tree = lxml.etree.parse("xxe.xml", parser)
+tree = lxml.etree.parse("xxe.xml", parser, parser=lxml.etree.XMLParser(resolve_entities=False))
 root = tree.getroot()
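Review bot: The rewritten line `tree = etree.parse("xxe.xml", parser, parser=lxml.etree.XMLParser(resolve_entities=False))` in the one.py hunk of PATCH 3/3 passes `parser` both positionally and by keyword, so the call raises `TypeError` (multiple values for argument 'parser') at import time instead of parsing anything; the two.py hunk of the same patch has the identical defect. The positional `parser` was already created with `resolve_entities=False` by PATCH 2/3, so the extra keyword parser adds no protection and the lines should revert to `tree = etree.parse("xxe.xml", parser)` and `tree = lxml.etree.parse("xxe.xml", parser)` respectively. With that reverted, the `import lxml.etree` added to one.py is unused alongside the existing `from lxml import etree` and should be dropped too.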