From a1905172a85504b836d21e64e45bf2d633178842 Mon Sep 17 00:00:00 2001
From: Charlie Marsh
Date: Wed, 28 Feb 2024 12:38:55 -0500
Subject: [PATCH] [`flake8-bandit`] Remove `suspicious-lxml-import` (`S410`) (#10154)

## Summary
The `lxml` library has been modified to address known vulnerabilities and unsafe defaults. As such, the `defusedxml` library is no longer necessary, `defusedxml` has deprecated its `lxml` module.
Closes https://github.com/astral-sh/ruff/issues/10030.
---
 crates/ruff_linter/src/codes.rs | 2 +-
 .../rules/flake8_bandit/rules/suspicious_imports.rs | 10 +++++++++-
 ruff.schema.json | 1 -
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/crates/ruff_linter/src/codes.rs b/crates/ruff_linter/src/codes.rs
index 5cf0293d1292e..06c9cff0dfd95 100644
--- a/crates/ruff_linter/src/codes.rs
+++ b/crates/ruff_linter/src/codes.rs
@@ -655,7 +655,7 @@ pub fn code_to_rule(linter: Linter, code: &str) -> Option<(RuleGroup, Rule)> {
 (Flake8Bandit, "407") => (RuleGroup::Preview, rules::flake8_bandit::rules::SuspiciousXmlExpatImport),
 (Flake8Bandit, "408") => (RuleGroup::Preview, rules::flake8_bandit::rules::SuspiciousXmlMinidomImport),
 (Flake8Bandit, "409") => (RuleGroup::Preview, rules::flake8_bandit::rules::SuspiciousXmlPulldomImport),
- (Flake8Bandit, "410") => (RuleGroup::Preview, rules::flake8_bandit::rules::SuspiciousLxmlImport),
+ (Flake8Bandit, "410") => (RuleGroup::Removed, rules::flake8_bandit::rules::SuspiciousLxmlImport),
 (Flake8Bandit, "411") => (RuleGroup::Preview, rules::flake8_bandit::rules::SuspiciousXmlrpcImport),
 (Flake8Bandit, "412") => (RuleGroup::Preview, rules::flake8_bandit::rules::SuspiciousHttpoxyImport),
 (Flake8Bandit, "413") => (RuleGroup::Preview, rules::flake8_bandit::rules::SuspiciousPycryptoImport),
diff --git a/crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_imports.rs b/crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_imports.rs
index 3c4269978ebb2..f77b8bc2724a2 100644
--- a/crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_imports.rs
+++ b/crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_imports.rs
@@ -211,8 +211,14 @@ impl Violation for SuspiciousXmlPulldomImport {
 }
 }
 
+/// ## Removed
+/// This rule was removed as the `lxml` library has been modified to address
+/// known vulnerabilities and unsafe defaults. As such, the `defusedxml`
+/// library is no longer necessary, `defusedxml` has [deprecated] its `lxml`
+/// module.
+///
 /// ## What it does
-/// Checks for imports of the`lxml` module.
+/// Checks for imports of the `lxml` module.
 ///
 /// ## Why is this bad?
 /// Using various methods from the `lxml` module to parse untrusted XML data is
@@ -223,6 +229,8 @@ impl Violation for SuspiciousXmlPulldomImport {
 /// ```python
 /// import lxml
 /// ```
+///
+/// [deprecated]: https://github.com/tiran/defusedxml/blob/c7445887f5e1bcea470a16f61369d29870cfcfe1/README.md#defusedxmllxml
 #[violation]
 pub struct SuspiciousLxmlImport;
 
diff --git a/ruff.schema.json b/ruff.schema.json
index 0eceb97281751..c0b1d6bb61502 100644
--- a/ruff.schema.json
+++ b/ruff.schema.json
@@ -3594,7 +3594,6 @@
 "S408",
 "S409",
 "S41",
- "S410",
 "S411",
 "S412",
 "S413",
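Review bot: The new `## Removed` paragraph in the first hunk says why the rule is gone but not what a user parsing untrusted XML should still do, so the `## Why is this bad?` section that follows (and continues past the end of the hunk) now reads as if the concern itself went away rather than the lint. To my knowledge `lxml.etree.XMLParser` still resolves entities unless it is constructed with `resolve_entities=False`, so removing the rule moves that check from the linter to the caller; a line such as `/// Callers parsing untrusted XML should still construct the lxml parser with resolve_entities=False.` would keep that guidance where the rule docs used to carry it. The same paragraph has a comma splice; `/// library is no longer necessary, and the defusedxml project has [deprecated] its lxml` reads more cleanly. The enclosing doc comment block starts and ends outside this hunk.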