Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for XUnit files #288

Merged
merged 10 commits into from Jun 21, 2022
Merged

Add support for XUnit files #288

merged 10 commits into from Jun 21, 2022

Conversation

EnricoMi
Copy link
Owner

No description provided.

@EnricoMi EnricoMi changed the title Add XUnit support Add support for XUnit files May 23, 2022
sonatype-lift[bot]
sonatype-lift bot reviewed May 23, 2022
View reviewed changes
python/publish/trx.py Outdated
from typing import Iterable, Tuple, Union

from junitparser import JUnitXml
from lxml import etree
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

blacklist: Using etree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace etree with the equivalent defusedxml package.

(at-me in a reply with help or ignore)

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

sonatype-lift[bot]
sonatype-lift bot reviewed May 23, 2022
View reviewed changes
python/publish/trx.py Outdated
return Exception(f'File is empty.')

try:
trx = etree.parse(path)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

blacklist: Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.

(at-me in a reply with help or ignore)

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

sonatype-lift[bot]
sonatype-lift bot reviewed May 23, 2022
View reviewed changes
python/publish/trx.py Outdated


with (pathlib.Path(__file__).parent / 'xslt' / 'trx-to-junit.xslt').open('r', encoding='utf-8') as r:
transform_trx_to_junit = etree.XSLT(etree.parse(r))
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

blacklist: Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.

(at-me in a reply with help or ignore)

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

sonatype-lift[bot]
sonatype-lift bot reviewed May 23, 2022
View reviewed changes
python/publish/trx.py Outdated
from typing import Iterable, Tuple, Union

from junitparser import JUnitXml
from lxml import etree
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

opt.semgrep.python.lang.security.use-defused-xml.use-defused-xml: Found use of the native Python XML libraries, which is vulnerable to XML external entity (XXE)
attacks. The Python documentation recommends the 'defusedxml' library instead if the XML being
loaded is untrusted.

(at-me in a reply with help or ignore)

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

@github-actions

This comment has been minimized.

Sign in to view
@github-actions
Copy link

github-actions bot commented May 23, 2022
edited

Test Results (macOS 12 python installed)

       69 files  ±    0         69 suites  ±0   23m 21s ⏱️ - 1m 8s
     303 tests +    3       303 ✔️ +    3      0 💤 ±0  0 ±0 
20 907 runs  +207  20 367 ✔️ +207  540 💤 ±0  0 ±0 

Results for commit 1ae95bb. ± Comparison against base commit e633876.

♻️ This comment has been updated with latest results.

@github-actions
Copy link

github-actions bot commented May 23, 2022
edited

Test Results (Dockerfile)

       69 files         69 suites   23m 21s ⏱️
     303 tests      303 ✔️     0 💤 0
20 907 runs  20 367 ✔️ 540 💤 0

Results for commit 1ae95bb.

♻️ This comment has been updated with latest results.

@github-actions
Copy link

github-actions bot commented May 23, 2022
edited

Test Results (Docker Image)

       69 files  ±    0         69 suites  ±0   23m 21s ⏱️ - 1m 8s
     303 tests +    3       303 ✔️ +    3      0 💤 ±0  0 ±0 
20 907 runs  +207  20 367 ✔️ +207  540 💤 ±0  0 ±0 

Results for commit 1ae95bb. ± Comparison against base commit e633876.

♻️ This comment has been updated with latest results.

@github-actions
Copy link

github-actions bot commented May 23, 2022
edited

Test Results (Linux python 3.6)

       69 files  ±    0         69 suites  ±0   23m 21s ⏱️ - 1m 8s
     303 tests +    3       303 ✔️ +    3      0 💤 ±0  0 ±0 
20 907 runs  +207  20 367 ✔️ +207  540 💤 ±0  0 ±0 

Results for commit 1ae95bb. ± Comparison against base commit e633876.

♻️ This comment has been updated with latest results.

@github-actions
Copy link

github-actions bot commented May 23, 2022
edited

Test Results (macOS python 3.6)

       69 files  ±    0         69 suites  ±0   23m 21s ⏱️ - 1m 8s
     303 tests +    3       303 ✔️ +    3      0 💤 ±0  0 ±0 
20 907 runs  +207  20 367 ✔️ +207  540 💤 ±0  0 ±0 

Results for commit 1ae95bb. ± Comparison against base commit e633876.

♻️ This comment has been updated with latest results.

@github-actions
Copy link

github-actions bot commented May 23, 2022
edited

Test Results (Linux python installed)

       69 files  ±    0         69 suites  ±0   23m 21s ⏱️ - 1m 8s
     303 tests +    3       303 ✔️ +    3      0 💤 ±0  0 ±0 
20 907 runs  +207  20 367 ✔️ +207  540 💤 ±0  0 ±0 

Results for commit 1ae95bb. ± Comparison against base commit e633876.

♻️ This comment has been updated with latest results.

@github-actions
Copy link

github-actions bot commented May 23, 2022
edited

Test Results (Linux 22.04 python installed)

       69 files  ±    0         69 suites  ±0   23m 21s ⏱️ - 1m 8s
     303 tests +    3       303 ✔️ +    3      0 💤 ±0  0 ±0 
20 907 runs  +207  20 367 ✔️ +207  540 💤 ±0  0 ±0 

Results for commit 1ae95bb. ± Comparison against base commit e633876.

♻️ This comment has been updated with latest results.

@github-actions
Copy link

github-actions bot commented May 23, 2022
edited

Test Results (macOS python installed)

       69 files  ±    0         69 suites  ±0   23m 21s ⏱️ - 1m 8s
     303 tests +    3       303 ✔️ +    3      0 💤 ±0  0 ±0 
20 907 runs  +207  20 367 ✔️ +207  540 💤 ±0  0 ±0 

Results for commit 1ae95bb. ± Comparison against base commit e633876.

♻️ This comment has been updated with latest results.

@github-actions
Copy link

github-actions bot commented May 23, 2022
edited

Test Results (Windows python installed)

       69 files  ±    0         69 suites  ±0   23m 21s ⏱️ - 1m 8s
     303 tests +    3       303 ✔️ +    3      0 💤 ±0  0 ±0 
20 907 runs  +207  20 367 ✔️ +207  540 💤 ±0  0 ±0 

Results for commit 1ae95bb. ± Comparison against base commit e633876.

♻️ This comment has been updated with latest results.

@github-actions
Copy link

github-actions bot commented May 23, 2022
edited

Test Results (reference)

       69 files  ±    0         69 suites  ±0   23m 21s ⏱️ - 1m 8s
     303 tests +    3       303 ✔️ +    3      0 💤 ±0  0 ±0 
20 907 runs  +207  20 367 ✔️ +207  540 💤 ±0  0 ±0 

Results for commit 1ae95bb. ± Comparison against base commit e633876.

♻️ This comment has been updated with latest results.

@EnricoMi EnricoMi force-pushed the branch-add-xunit branch 2 times, most recently from 5f2eea1 to de47ad4 Compare May 23, 2022 20:54
sonatype-lift[bot]
sonatype-lift bot reviewed May 23, 2022
View reviewed changes
python/publish/xunit.py


with (pathlib.Path(__file__).parent / 'xslt' / 'xunit-to-junit.xslt').open('r', encoding='utf-8') as r:
transform_xunit_to_junit = etree.XSLT(etree.parse(r))
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

blacklist: Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.

(at-me in a reply with help or ignore)

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

sonatype-lift[bot]
sonatype-lift bot reviewed May 23, 2022
View reviewed changes
python/publish/xunit.py
from typing import Iterable, Tuple, Union

from junitparser import JUnitXml
from lxml import etree
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

blacklist: Using etree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace etree with the equivalent defusedxml package.

(at-me in a reply with help or ignore)

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

sonatype-lift[bot]
sonatype-lift bot reviewed May 23, 2022
View reviewed changes
python/publish/xunit.py
return Exception(f'File is empty.')

try:
trx = etree.parse(path)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

blacklist: Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.

(at-me in a reply with help or ignore)

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

sonatype-lift[bot]
sonatype-lift bot reviewed May 23, 2022
View reviewed changes
python/publish/xunit.py
from typing import Iterable, Tuple, Union

from junitparser import JUnitXml
from lxml import etree
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

opt.semgrep.python.lang.security.use-defused-xml.use-defused-xml: Found use of the native Python XML libraries, which is vulnerable to XML external entity (XXE)
attacks. The Python documentation recommends the 'defusedxml' library instead if the XML being
loaded is untrusted.

(at-me in a reply with help or ignore)

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

@github-actions

This comment has been minimized.

Sign in to view
sonatype-lift[bot]
sonatype-lift bot reviewed May 24, 2022
View reviewed changes
python/test/test_trx.py Outdated
import pathlib
import unittest

from lxml import etree
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

blacklist: Using etree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace etree with the equivalent defusedxml package.

(at-me in a reply with help or ignore)

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

sonatype-lift[bot]
sonatype-lift bot reviewed May 24, 2022
View reviewed changes
python/test/test_xunit.py Outdated
class TestXunit(unittest.TestCase):
def test_transform(self):
result_file = str(test_files_path / 'xunit.xml')
trx = etree.parse(str(result_file))
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

blacklist: Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.

(at-me in a reply with help or ignore)

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

sonatype-lift[bot]
sonatype-lift bot reviewed May 24, 2022
View reviewed changes
python/test/test_trx.py Outdated

def test_transform(self):
result_file = str(test_files_path / 'mstest.trx')
trx = etree.parse(str(result_file))
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

blacklist: Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.

(at-me in a reply with help or ignore)

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

sonatype-lift[bot]
sonatype-lift bot reviewed May 24, 2022
View reviewed changes
python/test/test_xunit.py Outdated
import pathlib
import unittest

from lxml import etree
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

blacklist: Using etree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace etree with the equivalent defusedxml package.

(at-me in a reply with help or ignore)

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

@github-actions

This comment has been minimized.

Sign in to view
@github-actions

This comment has been minimized.

Sign in to view
@EnricoMi EnricoMi changed the base branch from master to development May 28, 2022 08:54
@EnricoMi EnricoMi changed the base branch from development to development-2.0 May 28, 2022 08:56
@EnricoMi EnricoMi force-pushed the devel-2.0 branch 2 times, most recently from 36c4754 to 57463e0 Compare June 6, 2022 18:26
@github-actions

This comment has been minimized.

Sign in to view
@github-actions
Copy link

github-actions bot commented Jun 6, 2022
edited

Test Results (Test File)

97 tests  ±0   80 ✔️ ±0   3m 25s ⏱️ ±0s
  1 suites ±0   17 💤 ±0 
  1 files   ±0     0 ±0 

Results for commit 1ae95bb. ± Comparison against base commit e633876.

♻️ This comment has been updated with latest results.

@github-actions

This comment has been minimized.

Sign in to view
@github-actions

This comment has been minimized.

Sign in to view
@github-actions

This comment has been minimized.

Sign in to view
@github-actions
Copy link

Test Results (setup-python)

       69 files  ±    0         69 suites  ±0   23m 21s ⏱️ - 1m 8s
     303 tests +    3       303 ✔️ +    3      0 💤 ±0  0 ±0 
20 907 runs  +207  20 367 ✔️ +207  540 💤 ±0  0 ±0 

Results for commit 1ae95bb. ± Comparison against base commit e633876.

@EnricoMi EnricoMi merged commit 7d18cf0 into devel-2.0 Jun 21, 2022
@EnricoMi EnricoMi deleted the branch-add-xunit branch June 21, 2022 13:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sonatype-lift sonatype-lift[bot] sonatype-lift left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@EnricoMi