mig5/jinjaturtle
1
0
Fork 0
Code Issues Pull requests Projects Releases 8 Packages Wiki Activity Actions

Satisfy the needs of defusedxml.defuse_stdlib() whilst still retaining functionality and passing tests
Some checks failed
CI / test (push) Successful in 40s
Details
Lint / test (push) Failing after 23s
Details
Trivy / test (push) Successful in 23s
Details

Browse source
This commit is contained in:
Miguel Jacq 2025-11-27 15:21:17 +11:00
parent 910234ed65
commit 3840b71812
Signed by: mig5
GPG key ID: 59B3F0C24135C6A9
2 changed files with 7 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/jinjaturtle/core.py
View file

@ -2,7 +2,7 @@ from __future__ import annotations
import configparser
import json
import xml.etree.ElementTree as ET # nosec
import xml.etree.ElementTree as ET # nosec
import yaml
from collections import Counter, defaultdict
@ -103,9 +103,7 @@ def parse_config(path: Path, fmt: str | None = None) -> tuple[str, Any]:
if fmt == "xml":
text = path.read_text(encoding="utf-8")
# defusedxml.defuse_stdlib() is called in CLI entrypoint
parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=False)) # nosec
root = ET.fromstring(text, parser=parser) # nosec
root = ET.fromstring(text) # nosec B314
return fmt, root
raise ValueError(f"Unsupported config format: {fmt}")
@ -870,8 +868,9 @@ def _generate_xml_template_from_text(role_prefix: str, text: str) -> str:
# Parse with comments included so <!-- --> are preserved
# defusedxml.defuse_stdlib() is called in CLI entrypoint
parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True)) # nosec
root = ET.fromstring(body, parser=parser) # nosec
parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True)) # nosec B314
parser.feed(body)
root = parser.close()
_apply_jinja_to_xml_tree(role_prefix, root)

6
tests/test_core.py
View file

@ -566,8 +566,7 @@ def test_generate_template_xml_structural_fallback():
</root>
"""
)
parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=False))
root = ET.fromstring(xml_text, parser=parser)
root = ET.fromstring(xml_text)
tmpl = generate_template("xml", parsed=root, role_prefix="role")
@ -643,8 +642,7 @@ def test_flatten_xml_text_with_attributes_uses_value_suffix():
the text at path + ('value',), not just path.
"""
xml_text = "<root><node attr='x'>text</node></root>"
parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=False))
root = ET.fromstring(xml_text, parser=parser)
root = ET.fromstring(xml_text)
items = flatten_config("xml", root)