Ruff: Add N817 #12072

Merged
merged 1 commit into from
Mar 25, 2025

manuel-sommer
Contributor

No description provided.

DryRun Security Summary

XML parsing imports were standardized across security tool parsers by directly importing ElementTree from defusedxml without the as ET alias, maintaining existing security protections against XML-based attacks.

PR Summary:
Multiple files were updated with consistent XML parsing import modifications, removing the as ET alias and importing ElementTree directly from defusedxml across various security tool parsers.

Security Findings:

  • No direct security vulnerabilities were introduced in these changes
  • All files continue to use defusedxml, which provides protection against XML-based attacks like:
    • XML External Entity (XXE) injection
    • Entity expansion attacks
    • Billion laughs attack
    • Quadratic blowup attack
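
A check a reviewer could run on an import-rename change like this one, as an added example (not code from this PR, DefectDojo, or DryRun): once the alias is dropped, the local name `ElementTree` is the same name the standard-library module would be bound under, so the script confirms that no XML name in a parser file resolves to stdlib `xml`. The function names and the three sample sources are constructed for illustration.

```python
import ast

def import_bindings(source):
    """Map each imported local name to the fully qualified thing it is bound to.

    Imports are processed in source order, so a later import that reuses a
    name overwrites the earlier one, as it would at runtime.
    """
    nodes = [n for n in ast.walk(ast.parse(source))
             if isinstance(n, (ast.Import, ast.ImportFrom))]
    bindings = {}
    for node in sorted(nodes, key=lambda n: (n.lineno, n.col_offset)):
        for alias in node.names:
            if isinstance(node, ast.Import):
                # "import a.b" binds "a" but still loads a.b; record the full path.
                local = alias.asname or alias.name.split(".")[0]
                bindings[local] = alias.name
            elif node.level == 0 and node.module:
                # Absolute "from pkg import name [as alias]".
                bindings[alias.asname or alias.name] = f"{node.module}.{alias.name}"
    return bindings

def stdlib_xml_bindings(source):
    """Return {local_name: origin} for names bound to the stdlib xml package."""
    return {name: origin for name, origin in import_bindings(source).items()
            if origin == "xml" or origin.startswith("xml.")}

# Constructed samples modelled on the change described in the summary above.
BEFORE = "from defusedxml import ElementTree as ET\nroot = ET.parse(f).getroot()\n"
AFTER = "from defusedxml import ElementTree\nroot = ElementTree.parse(f).getroot()\n"
# Constructed regression: a stray stdlib import rebinds the same name.
REGRESSED = ("from defusedxml import ElementTree\n"
             "from xml.etree import ElementTree\n"
             "root = ElementTree.parse(f).getroot()\n")

if __name__ == "__main__":
    for label, src in (("before", BEFORE), ("after", AFTER), ("regressed", REGRESSED)):
        print(label, stdlib_xml_bindings(src) or "ok")
```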

Contributor

@mtesauro mtesauro left a comment

Approved

@mtesauro mtesauro merged commit c67295d into DefectDojo:dev Mar 25, 2025
76 checks passed
@manuel-sommer manuel-sommer deleted the ruff_N817 branch March 25, 2025 19:21