New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move to lxml #286

Merged

EnricoMi merged 3 commits into master from branch-move-to-lxml

May 23, 2022

Owner

EnricoMi commented May 23, 2022

No description provided.


          Move to lxml

bd5367a

sonatype-lift bot reviewed

View reviewed changes

python/publish/junit.py

               import junitparser
               from junitparser import Element, JUnitXml, TestCase, TestSuite, Skipped
               from junitparser.junitparser import etree
               from publish.unittestresults import ParsedUnitTestResults, UnitTestCase, ParseError
+              try:
+                  import lxml

sonatype-lift bot May 23, 2022

blacklist: Using lxml to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml with the equivalent defusedxml package.

(at-me in a reply with help or ignore)

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

Owner Author

EnricoMi May 23, 2022

defusedxml.lxml is deprecated

Owner Author

EnricoMi May 23, 2022

@sonatype-lift ignore

sonatype-lift bot May 23, 2022

I've recorded this as ignored for this pull request. If you change your mind, just comment @sonatype-lift unignore.

sonatype-lift bot reviewed

View reviewed changes

python/publish/junit.py

               import junitparser
               from junitparser import Element, JUnitXml, TestCase, TestSuite, Skipped
               from junitparser.junitparser import etree
               from publish.unittestresults import ParsedUnitTestResults, UnitTestCase, ParseError
+              try:
+                  import lxml

sonatype-lift bot May 23, 2022

opt.semgrep.python.lang.security.use-defused-xml.use-defused-xml: Found use of the native Python XML libraries, which is vulnerable to XML external entity (XXE)
attacks. The Python documentation recommends the 'defusedxml' library instead if the XML being
loaded is untrusted.

(at-me in a reply with help or ignore)

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

Owner Author

EnricoMi May 23, 2022

defusedxml.lxml is deprecated

Owner Author

EnricoMi May 23, 2022

@sonatype-lift ignore

sonatype-lift bot May 23, 2022

I've recorded this as ignored for this pull request. If you change your mind, just comment @sonatype-lift unignore.

This comment has been minimized.

Sign in to view

github-actions bot commented May 23, 2022 •

edited

Test Results (macOS 12 python installed)

      69 files ±0       69 suites ±0 3m 38s ⏱️ -1s
    280 tests ±0     280 ✔️ ±0     0 💤 ±0 0 ❌ ±0
19 320 runs ±0 18 780 ✔️ ±0 540 💤 ±0 0 ❌ ±0

Results for commit 95718c8. ± Comparison against base commit c8ce9bb.

♻️ This comment has been updated with latest results.

github-actions bot commented May 23, 2022 •

edited

Test Results (macOS python installed)

      69 files ±0       69 suites ±0 3m 38s ⏱️ -1s
    280 tests ±0     280 ✔️ ±0     0 💤 ±0 0 ❌ ±0
19 320 runs ±0 18 780 ✔️ ±0 540 💤 ±0 0 ❌ ±0

Results for commit 95718c8. ± Comparison against base commit c8ce9bb.

♻️ This comment has been updated with latest results.

github-actions bot commented May 23, 2022 •

edited

Test Results (Test Files)

  26 files ±0     4 errors 23 suites ±0 39m 21s ⏱️ ±0s
279 tests ±0 228 ✔️ ±0 20 💤 ±0 25 ❌ ±0 6 🔥 ±0
450 runs ±0 358 ✔️ ±0 57 💤 ±0 28 ❌ ±0 7 🔥 ±0

For more details on these parsing errors, failures and errors, see this check.

Results for commit 95718c8. ± Comparison against base commit c8ce9bb.

♻️ This comment has been updated with latest results.

github-actions bot commented May 23, 2022 •

edited

Test Results (Dockerfile)

      69 files ±0       69 suites ±0 3m 38s ⏱️ -1s
    280 tests ±0     280 ✔️ ±0     0 💤 ±0 0 ❌ ±0
19 320 runs ±0 18 780 ✔️ ±0 540 💤 ±0 0 ❌ ±0

Results for commit 95718c8. ± Comparison against base commit c8ce9bb.

♻️ This comment has been updated with latest results.

github-actions bot commented May 23, 2022 •

edited

Test Results (Linux python 3.6)

      69 files ±0       69 suites ±0 3m 38s ⏱️ -1s
    280 tests ±0     280 ✔️ ±0     0 💤 ±0 0 ❌ ±0
19 320 runs ±0 18 780 ✔️ ±0 540 💤 ±0 0 ❌ ±0

Results for commit 95718c8. ± Comparison against base commit c8ce9bb.

♻️ This comment has been updated with latest results.

github-actions bot commented May 23, 2022 •

edited

Test Results (Linux python installed)

      69 files ±0       69 suites ±0 3m 38s ⏱️ -1s
    280 tests ±0     280 ✔️ ±0     0 💤 ±0 0 ❌ ±0
19 320 runs ±0 18 780 ✔️ ±0 540 💤 ±0 0 ❌ ±0

Results for commit 95718c8. ± Comparison against base commit c8ce9bb.

♻️ This comment has been updated with latest results.

github-actions bot commented May 23, 2022 •

edited

Test Results (Docker Image)

      69 files ±0       69 suites ±0 3m 38s ⏱️ -1s
    280 tests ±0     280 ✔️ ±0     0 💤 ±0 0 ❌ ±0
19 320 runs ±0 18 780 ✔️ ±0 540 💤 ±0 0 ❌ ±0

Results for commit 95718c8. ± Comparison against base commit c8ce9bb.

♻️ This comment has been updated with latest results.

github-actions bot commented May 23, 2022 •

edited

Test Results (macOS python 3.6)

      69 files ±0       69 suites ±0 3m 38s ⏱️ -1s
    280 tests ±0     280 ✔️ ±0     0 💤 ±0 0 ❌ ±0
19 320 runs ±0 18 780 ✔️ ±0 540 💤 ±0 0 ❌ ±0

Results for commit 95718c8. ± Comparison against base commit c8ce9bb.

♻️ This comment has been updated with latest results.

github-actions bot commented May 23, 2022 •

edited

Test Results (Linux 22.04 python installed)

      69 files ±0       69 suites ±0 3m 38s ⏱️ -1s
    280 tests ±0     280 ✔️ ±0     0 💤 ±0 0 ❌ ±0
19 320 runs ±0 18 780 ✔️ ±0 540 💤 ±0 0 ❌ ±0

Results for commit 95718c8. ± Comparison against base commit c8ce9bb.

♻️ This comment has been updated with latest results.

github-actions bot commented May 23, 2022 •

edited

Test Results (Windows python installed)

      69 files ±0       69 suites ±0 3m 38s ⏱️ -1s
    280 tests ±0     280 ✔️ ±0     0 💤 ±0 0 ❌ ±0
19 320 runs ±0 18 780 ✔️ ±0 540 💤 ±0 0 ❌ ±0

Results for commit 95718c8. ± Comparison against base commit c8ce9bb.

♻️ This comment has been updated with latest results.

github-actions bot commented May 23, 2022 •

edited

Test Results (reference)

      69 files ±0       69 suites ±0 3m 38s ⏱️ -1s
    280 tests ±0     280 ✔️ ±0     0 💤 ±0 0 ❌ ±0
19 320 runs ±0 18 780 ✔️ ±0 540 💤 ±0 0 ❌ ±0

Results for commit 95718c8. ± Comparison against base commit c8ce9bb.

♻️ This comment has been updated with latest results.

This comment has been minimized.

Sign in to view

EnricoMi force-pushed the branch-move-to-lxml branch from 2ef3da3 to a6568f7 Compare

May 23, 2022 11:39

This comment has been minimized.

Sign in to view


          Fix parse errors for Windows

ecc3cca

EnricoMi force-pushed the branch-move-to-lxml branch from a6568f7 to ecc3cca Compare

May 23, 2022 12:15

This comment has been minimized.

Sign in to view


          Make line and column truely optionial in ParseError

95718c8

github-actions bot commented May 23, 2022

Test Results (setup-python)

      69 files ±0       69 suites ±0 3m 38s ⏱️ -1s
    280 tests ±0     280 ✔️ ±0     0 💤 ±0 0 ❌ ±0
19 320 runs ±0 18 780 ✔️ ±0 540 💤 ±0 0 ❌ ±0

Results for commit 95718c8. ± Comparison against base commit c8ce9bb.

EnricoMi marked this pull request as ready for review

May 23, 2022 13:08

EnricoMi merged commit 0d4dba7 into master

EnricoMi deleted the branch-move-to-lxml branch

May 23, 2022 13:09

EnricoMi added a commit that referenced this pull request


          Move to lxml (#286)

14332cb

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment