pre-commit/pre-commit-hooks
1
0
Fork 0
mirror of https://github.com/pre-commit/pre-commit-hooks.git synced 2026-04-12 05:54:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

use defusedxml for sax.parse().

Browse source
This commit is contained in:
Wu Tingfeng 2025-12-31 15:22:37 +08:00
parent f1dff44d3a
commit ccf427b4a0
No known key found for this signature in database
2 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
pre_commit_hooks/check_xml.py
View file

@ -4,6 +4,10 @@ import argparse
import xml.sax.handler import xml.sax.handler
from collections.abc import Sequence from collections.abc import Sequence
import defusedxml
defusedxml.defuse_stdlib()
def main(argv: Sequence[str] | None = None) -> int: def main(argv: Sequence[str] | None = None) -> int:
parser = argparse.ArgumentParser() parser = argparse.ArgumentParser()
@ -15,7 +19,7 @@ def main(argv: Sequence[str] | None = None) -> int:
for filename in args.filenames: for filename in args.filenames:
try: try:
with open(filename, 'rb') as xml_file: with open(filename, 'rb') as xml_file:
xml.sax.parse(xml_file, handler) defusedxml.sax.parse(xml_file, handler)
except xml.sax.SAXException as exc: except xml.sax.SAXException as exc:
print(f'{filename}: Failed to xml parse ({exc})') print(f'{filename}: Failed to xml parse ({exc})')
retval = 1 retval = 1

1
setup.cfg
View file

@ -18,6 +18,7 @@ classifiers =
[options] [options]
packages = find: packages = find:
install_requires = install_requires =
defusedxml>=0.7.1
ruamel.yaml>=0.15 ruamel.yaml>=0.15
tomli>=1.1.0;python_version<"3.11" tomli>=1.1.0;python_version<"3.11"
python_requires = >=3.10 python_requires = >=3.10