astral-sh/ruff
Vedi su GitHubflake8-bandit import check should not trigger on TYPE_CHECKING imports or classes not in defusedxml
Open
#14.901 aperta il 10 dic 2024
help wanted
Metriche repository
- Star
- (47.527 star)
- Metriche merge PR
- (Merge medio 3g 8h) (573 PR mergiate in 30 g)
Descrizione
The following code triggers S408 ("xml.dom.minidom is vulnerable to XML attacks"):
from typing import TYPE_CHECKING
if TYPE_CHECKING:
from xml.dom.minidom import Element
As far as I know, defusedxml, which this rule suggests as an alternative, does not supply alternative implementations for most of the types, only of some functions. In other words, I have to import types like these for the standard library; there is no defusedxml alternative.
So in order to signal to Ruff that "this is fine"™, I've tried moving the import to TYPE_CHECKING, but still received the same error.
This probably applies to other rules in the S4xx range, too.