You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am using the below imports to construct the XML but I am not parsing the XML with the any of the below module or sub module but still bandit it complaining( CWE-20) that do not use those module or sub modules to parse the XML. I think it will be good to raise the warning if the feature is used.
import i am using
from xml.etree.ElementTree import Element, SubElement, tostring
Reproduction steps
Create test.py and add below code
import xml.etree.ElementTree as et
root = et.Element("user")
name = et.SubElement(root, "name")
name.text = "John Doe"
email = et.SubElement(root, "email")
email.text = "[email protected]"
tree = et.ElementTree(root)
a = et.tostring(root).decode("utf-8")
print(a)
Then run the bandit scan
Expected behavior
I think it will be good to raise the warning if the feature is used.
Bandit version
1.7.9 (Default)
Python version
3.9
Additional context
The text was updated successfully, but these errors were encountered:
Describe the bug
I am using the below imports to construct the XML but I am not parsing the XML with the any of the below module or sub module but still bandit it complaining( CWE-20) that do not use those module or sub modules to parse the XML. I think it will be good to raise the warning if the feature is used.
import i am using
from xml.etree.ElementTree import Element, SubElement, tostring
Reproduction steps
Expected behavior
I think it will be good to raise the warning if the feature is used.
Bandit version
1.7.9 (Default)
Python version
3.9
Additional context
The text was updated successfully, but these errors were encountered: