Satisfy the needs of defusedxml.defuse_stdlib() whilst still retaining functionality and passing tests
Some checks failed
CI / test (push) Successful in 40s
Lint / test (push) Failing after 23s
Trivy / test (push) Successful in 23s

Miguel Jacq 2025-11-27 15:21:17 +11:00
parent 910234ed65
commit 3840b71812
Signed by: mig5
GPG key ID: 59B3F0C24135C6A9
2 changed files with 7 additions and 10 deletions


@ -2,7 +2,7 @@ from __future__ import annotations
import configparser
import json
import xml.etree.ElementTree as ET # nosec
import xml.etree.ElementTree as ET # nosec
import yaml
from collections import Counter, defaultdict
@ -103,9 +103,7 @@ def parse_config(path: Path, fmt: str | None = None) -> tuple[str, Any]:
if fmt == "xml":
text = path.read_text(encoding="utf-8")
# defusedxml.defuse_stdlib() is called in CLI entrypoint
parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=False)) # nosec
root = ET.fromstring(text, parser=parser) # nosec
root = ET.fromstring(text) # nosec B314
return fmt, root
raise ValueError(f"Unsupported config format: {fmt}")
@ -870,8 +868,9 @@ def _generate_xml_template_from_text(role_prefix: str, text: str) -> str:
# Parse with comments included so <!-- --> are preserved
# defusedxml.defuse_stdlib() is called in CLI entrypoint
parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True)) # nosec
root = ET.fromstring(body, parser=parser) # nosec
parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True)) # nosec B314
parser.feed(body)
root = parser.close()
_apply_jinja_to_xml_tree(role_prefix, root)
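Review bot: In `parse_config`, `root = ET.fromstring(text) # nosec B314` is only hardened if `defusedxml.defuse_stdlib()` has already run in the same process, and the suppression hides that precondition from Bandit; a caller that imports this module without going through the CLI entrypoint (a test, another tool) parses the file with the unpatched stdlib parser, without defusedxml's entity restrictions. Calling the defused API directly removes the ordering dependency and the need for the suppression: `from defusedxml import ElementTree as DET` and `root = DET.fromstring(text)`. The same applies to the parser in `_generate_xml_template_from_text`, which could be built as `DET.XMLParser(target=ET.TreeBuilder(insert_comments=True))` before `parser.feed(body)`. The comment naming the entrypoint precondition appears to have been dropped from the `parse_config` hunk (the page has lost its +/- markers, so this is inferred from the hunk counts); if the monkey-patch approach stays, keep that comment next to `# nosec B314`. Both function bodies continue outside the visible hunks.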