Various fixes and enhancements #71

Merged
ninsbl merged 5 commits into main from bug_fix
Jan 27, 2025
ninsbl (Collaborator) commented Jan 27, 2025

No description provided.

ninsbl added the bug and enhancement labels Jan 27, 2025
ninsbl merged commit d909cbf into main Jan 27, 2025
7 of 12 checks passed
import sys

# import defusedxml.sax.handler as saxhandler
import xml.sax.handler as saxhandler
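
Review bot: the commented-out `# import defusedxml.sax.handler as saxhandler` line is left as dead code next to the active stdlib import, with no explanation of why the swap was abandoned. `xml.sax.handler` only supplies handler base classes and feature constants, so the exposure sits where the parser is invoked; delete the comment and state that in a one-line note, or restore a defusedxml import if one was intended.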

Check notice

Code scanning / Bandit

Using xml.sax.handler to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.handler with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.

from multiprocessing import Pool
from pathlib import Path
from typing import TYPE_CHECKING
from xml import sax # NOQA: S406
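
Review bot: `# NOQA: S406` on the `from xml import sax` line silences the import finding without recording why the XML this module parses can be trusted. Either import `sax` from defusedxml, or extend the comment with the justification so the suppression can be audited later.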

Check notice

Code scanning / Bandit

Using sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.

"""
builder = TreeBuilder()
for mtd_file in scene_path.glob("**/MTD_*.xml"):
sax.parseString(mtd_file.read_text(), builder) # NOQA: S317
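
Review bot: `sax.parseString(mtd_file.read_text(), builder)` feeds every `MTD_*.xml` found under `scene_path` to the stdlib parser, and `# NOQA: S317` hides the finding instead of addressing it. If scene directories can originate from downloads or other users, call `defusedxml.sax.parseString` with the same arguments; also consider `read_bytes()` so the parser honours the encoding declared in the XML header rather than the locale default used by `read_text()`.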

Check warning

Code scanning / Bandit

Using xml.sax.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called