Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

complaining the feature that i am not using in the python library #1164

Open
r4m4k0735w4r4r40 opened this issue Aug 8, 2024 · 0 comments
Open

complaining the feature that i am not using in the python library #1164

r4m4k0735w4r4r40 opened this issue Aug 8, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@r4m4k0735w4r4r40
Copy link

Describe the bug

I am using the below imports to construct the XML but I am not parsing the XML with the any of the below module or sub module but still bandit it complaining( CWE-20) that do not use those module or sub modules to parse the XML. I think it will be good to raise the warning if the feature is used.

import i am using
from xml.etree.ElementTree import Element, SubElement, tostring

Reproduction steps

Create test.py and add below code

import xml.etree.ElementTree as et

root = et.Element("user")
name = et.SubElement(root, "name")
name.text = "John Doe"
email = et.SubElement(root, "email")
email.text = "john@example.com"
tree = et.ElementTree(root)
a = et.tostring(root).decode("utf-8")
print(a)

Then run the bandit scan

Expected behavior

I think it will be good to raise the warning if the feature is used.

Bandit version

1.7.9 (Default)

Python version

3.9

Additional context

image
@r4m4k0735w4r4r40 r4m4k0735w4r4r40 added the bug Something isn't working label Aug 8, 2024
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@r4m4k0735w4r4r40