Add support for NUnit files #289
Conversation
![sonatype-lift[bot]](https://avatars.githubusercontent.com/in/9843?s=60&v=4){kind=small}
|
|
||
|
|
||
| with (pathlib.Path(__file__).parent / 'xslt' / 'nunit-to-junit.xslt').open('r', encoding='utf-8') as r: | ||
| transform_nunit_to_junit = etree.XSLT(etree.parse(r)) |
There was a problem hiding this comment.
blacklist: Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python/publish/trx.py
Outdated
|
|
||
|
|
||
| with (pathlib.Path(__file__).parent / 'xslt' / 'trx-to-junit.xslt').open('r', encoding='utf-8') as r: | ||
| transform_trx_to_junit = etree.XSLT(etree.parse(r)) |
There was a problem hiding this comment.
blacklist: Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python/publish/xunit.py
Outdated
|
|
||
|
|
||
| with (pathlib.Path(__file__).parent / 'xslt' / 'xunit-to-junit.xslt').open('r', encoding='utf-8') as r: | ||
| transform_xunit_to_junit = etree.XSLT(etree.parse(r)) |
There was a problem hiding this comment.
blacklist: Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
| from typing import Iterable, Tuple, Union | ||
|
|
||
| from junitparser import JUnitXml | ||
| from lxml import etree |
There was a problem hiding this comment.
blacklist: Using etree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace etree with the equivalent defusedxml package.
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python/publish/nunit.py
Outdated
| return Exception(f'File is empty.') | ||
|
|
||
| try: | ||
| trx = etree.parse(path) |
There was a problem hiding this comment.
blacklist: Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python/publish/trx.py
Outdated
| from typing import Iterable, Tuple, Union | ||
|
|
||
| from junitparser import JUnitXml | ||
| from lxml import etree |
There was a problem hiding this comment.
blacklist: Using etree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace etree with the equivalent defusedxml package.
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python/publish/trx.py
Outdated
| return Exception(f'File is empty.') | ||
|
|
||
| try: | ||
| trx = etree.parse(path) |
There was a problem hiding this comment.
blacklist: Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python/publish/xunit.py
Outdated
| from typing import Iterable, Tuple, Union | ||
|
|
||
| from junitparser import JUnitXml | ||
| from lxml import etree |
There was a problem hiding this comment.
blacklist: Using etree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace etree with the equivalent defusedxml package.
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python/publish/xunit.py
Outdated
| return Exception(f'File is empty.') | ||
|
|
||
| try: | ||
| trx = etree.parse(path) |
There was a problem hiding this comment.
blacklist: Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
| from typing import Iterable, Tuple, Union | ||
|
|
||
| from junitparser import JUnitXml | ||
| from lxml import etree |
There was a problem hiding this comment.
opt.semgrep.python.lang.security.use-defused-xml.use-defused-xml: Found use of the native Python XML libraries, which is vulnerable to XML external entity (XXE)
attacks. The Python documentation recommends the 'defusedxml' library instead if the XML being
loaded is untrusted.
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python/publish/trx.py
Outdated
| from typing import Iterable, Tuple, Union | ||
|
|
||
| from junitparser import JUnitXml | ||
| from lxml import etree |
There was a problem hiding this comment.
opt.semgrep.python.lang.security.use-defused-xml.use-defused-xml: Found use of the native Python XML libraries, which is vulnerable to XML external entity (XXE)
attacks. The Python documentation recommends the 'defusedxml' library instead if the XML being
loaded is untrusted.
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python/publish/xunit.py
Outdated
| from typing import Iterable, Tuple, Union | ||
|
|
||
| from junitparser import JUnitXml | ||
| from lxml import etree |
There was a problem hiding this comment.
opt.semgrep.python.lang.security.use-defused-xml.use-defused-xml: Found use of the native Python XML libraries, which is vulnerable to XML external entity (XXE)
attacks. The Python documentation recommends the 'defusedxml' library instead if the XML being
loaded is untrusted.
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
This comment has been minimized.
This comment has been minimized.
Test Results (Linux 22.04 python installed) 69 files ± 0 69 suites ±0 27m 25s ⏱️ + 3m 55s Results for commit fc8cfbe. ± Comparison against base commit 7d18cf0. ♻️ This comment has been updated with latest results. |
EnricoMi
force-pushed
the
branch-add-nunit
branch
2 times, most recently
from
8af4c8b
to
c1fd6af
Compare
python/test/test_trx.py
Outdated
| import pathlib | ||
| import unittest | ||
|
|
||
| from lxml import etree |
There was a problem hiding this comment.
blacklist: Using etree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace etree with the equivalent defusedxml package.
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python/test/test_xunit.py
Outdated
| class TestXunit(unittest.TestCase): | ||
| def test_transform(self): | ||
| result_file = str(test_files_path / 'xunit.xml') | ||
| trx = etree.parse(str(result_file)) |
There was a problem hiding this comment.
blacklist: Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python/test/test_trx.py
Outdated
|
|
||
| def test_transform(self): | ||
| result_file = str(test_files_path / 'mstest.trx') | ||
| trx = etree.parse(str(result_file)) |
There was a problem hiding this comment.
blacklist: Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python/test/test_xunit.py
Outdated
| import pathlib | ||
| import unittest | ||
|
|
||
| from lxml import etree |
There was a problem hiding this comment.
blacklist: Using etree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace etree with the equivalent defusedxml package.
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python/test/test_utils.py
Outdated
| locale.setlocale(locale.LC_ALL, encoding) | ||
| locale_set = True | ||
| break | ||
| except: |
There was a problem hiding this comment.
try_except_pass: Try, Except, Pass detected.
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
|
|
||
| base=$(dirname "$0") | ||
|
|
||
| python $base/../test_junit.py |
There was a problem hiding this comment.
SC2086: Double quote to prevent globbing and word splitting.
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
|
|
||
| python $base/../test_junit.py | ||
| python $base/../test_nunit.py | ||
| python $base/../test_xunit.py |
There was a problem hiding this comment.
SC2086: Double quote to prevent globbing and word splitting.
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
| base=$(dirname "$0") | ||
|
|
||
| python $base/../test_junit.py | ||
| python $base/../test_nunit.py |
There was a problem hiding this comment.
SC2086: Double quote to prevent globbing and word splitting.
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
| python $base/../test_junit.py | ||
| python $base/../test_nunit.py | ||
| python $base/../test_xunit.py | ||
| python $base/../test_trx.py |
There was a problem hiding this comment.
SC2086: Double quote to prevent globbing and word splitting.
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
This comment has been minimized.
This comment has been minimized.
EnricoMi
force-pushed
the
branch-add-nunit
branch
from
3335dd0
to
8d0e0ba
Compare
This comment has been minimized.
This comment has been minimized.
EnricoMi
force-pushed
the
devel-2.0
branch
2 times, most recently
from
36c4754
to
57463e0
Compare
EnricoMi
force-pushed
the
branch-add-nunit
branch
from
8d0e0ba
to
d349dcb
Compare
This comment has been minimized.
This comment has been minimized.
EnricoMi
force-pushed
the
branch-add-nunit
branch
from
d349dcb
to
77b34ae
Compare
This comment has been minimized.
This comment has been minimized.
EnricoMi
force-pushed
the
branch-add-nunit
branch
from
77b34ae
to
3f711a9
Compare
This comment has been minimized.
This comment has been minimized.
EnricoMi
force-pushed
the
branch-add-nunit
branch
from
3f711a9
to
336aa65
Compare
This comment has been minimized.
This comment has been minimized.
EnricoMi
force-pushed
the
branch-add-nunit
branch
from
336aa65
to
fc8cfbe
Compare
No description provided.