[flake8-bandit] Remove suspicious-lxml-import (S410) (#10154)

## Summary The `lxml` library has been modified to address known vulnerabilities and unsafe defaults. As such, the `defusedxml` library is no longer necessary, `defusedxml` has deprecated its `lxml` module. Closes #10030.
astral-sh · Feb 28, 2024 · a190517 · a190517
1 parent 1791e7d
commit a190517
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 3 deletions.
diff --git a/crates/ruff_linter/src/codes.rs b/crates/ruff_linter/src/codes.rs
@@ -655,7 +655,7 @@ pub fn code_to_rule(linter: Linter, code: &str) -> Option<(RuleGroup, Rule)> {
         (Flake8Bandit, "407") => (RuleGroup::Preview, rules::flake8_bandit::rules::SuspiciousXmlExpatImport),
         (Flake8Bandit, "408") => (RuleGroup::Preview, rules::flake8_bandit::rules::SuspiciousXmlMinidomImport),
         (Flake8Bandit, "409") => (RuleGroup::Preview, rules::flake8_bandit::rules::SuspiciousXmlPulldomImport),
-        (Flake8Bandit, "410") => (RuleGroup::Preview, rules::flake8_bandit::rules::SuspiciousLxmlImport),
+        (Flake8Bandit, "410") => (RuleGroup::Removed, rules::flake8_bandit::rules::SuspiciousLxmlImport),
         (Flake8Bandit, "411") => (RuleGroup::Preview, rules::flake8_bandit::rules::SuspiciousXmlrpcImport),
         (Flake8Bandit, "412") => (RuleGroup::Preview, rules::flake8_bandit::rules::SuspiciousHttpoxyImport),
         (Flake8Bandit, "413") => (RuleGroup::Preview, rules::flake8_bandit::rules::SuspiciousPycryptoImport),

diff --git a/crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_imports.rs b/crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_imports.rs
@@ -211,8 +211,14 @@ impl Violation for SuspiciousXmlPulldomImport {
     }
 }
 
+/// ## Removed
+/// This rule was removed as the `lxml` library has been modified to address
+/// known vulnerabilities and unsafe defaults. As such, the `defusedxml`
+/// library is no longer necessary, `defusedxml` has [deprecated] its `lxml`
+/// module.
+///
 /// ## What it does
-/// Checks for imports of the`lxml` module.
+/// Checks for imports of the `lxml` module.
 ///
 /// ## Why is this bad?
 /// Using various methods from the `lxml` module to parse untrusted XML data is
@@ -223,6 +229,8 @@ impl Violation for SuspiciousXmlPulldomImport {
 /// ```python
 /// import lxml
 /// ```
+///
+/// [deprecated]: https://github.com/tiran/defusedxml/blob/c7445887f5e1bcea470a16f61369d29870cfcfe1/README.md#defusedxmllxml
 #[violation]
 pub struct SuspiciousLxmlImport;
 

diff --git a/ruff.schema.json b/ruff.schema.json