stellargraph/stellargraph

scripts/ci/junit_to_github_checks.py

Summary

Maintainability: A (0 mins)

Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Open

import xml.etree.ElementTree as ET


Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Open

    tree = ET.parse(args.file)
Severity: Minor
Found in scripts/ci/junit_to_github_checks.py by bandit
