-
-
Notifications
You must be signed in to change notification settings - Fork 184
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for NUnit files #289
Conversation
|
||
|
||
with (pathlib.Path(__file__).parent / 'xslt' / 'nunit-to-junit.xslt').open('r', encoding='utf-8') as r: | ||
transform_nunit_to_junit = etree.XSLT(etree.parse(r)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
blacklist: Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python/publish/trx.py
Outdated
|
||
|
||
with (pathlib.Path(__file__).parent / 'xslt' / 'trx-to-junit.xslt').open('r', encoding='utf-8') as r: | ||
transform_trx_to_junit = etree.XSLT(etree.parse(r)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
blacklist: Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python/publish/xunit.py
Outdated
|
||
|
||
with (pathlib.Path(__file__).parent / 'xslt' / 'xunit-to-junit.xslt').open('r', encoding='utf-8') as r: | ||
transform_xunit_to_junit = etree.XSLT(etree.parse(r)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
blacklist: Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
from typing import Iterable, Tuple, Union | ||
|
||
from junitparser import JUnitXml | ||
from lxml import etree |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
blacklist: Using etree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace etree with the equivalent defusedxml package.
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python/publish/nunit.py
Outdated
return Exception(f'File is empty.') | ||
|
||
try: | ||
trx = etree.parse(path) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
blacklist: Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python/publish/trx.py
Outdated
from typing import Iterable, Tuple, Union | ||
|
||
from junitparser import JUnitXml | ||
from lxml import etree |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
blacklist: Using etree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace etree with the equivalent defusedxml package.
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python/publish/trx.py
Outdated
return Exception(f'File is empty.') | ||
|
||
try: | ||
trx = etree.parse(path) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
blacklist: Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python/publish/xunit.py
Outdated
from typing import Iterable, Tuple, Union | ||
|
||
from junitparser import JUnitXml | ||
from lxml import etree |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
blacklist: Using etree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace etree with the equivalent defusedxml package.
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python/publish/xunit.py
Outdated
return Exception(f'File is empty.') | ||
|
||
try: | ||
trx = etree.parse(path) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
blacklist: Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
from typing import Iterable, Tuple, Union | ||
|
||
from junitparser import JUnitXml | ||
from lxml import etree |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
opt.semgrep.python.lang.security.use-defused-xml.use-defused-xml: Found use of the native Python XML libraries, which is vulnerable to XML external entity (XXE)
attacks. The Python documentation recommends the 'defusedxml' library instead if the XML being
loaded is untrusted.
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python/publish/trx.py
Outdated
from typing import Iterable, Tuple, Union | ||
|
||
from junitparser import JUnitXml | ||
from lxml import etree |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
opt.semgrep.python.lang.security.use-defused-xml.use-defused-xml: Found use of the native Python XML libraries, which is vulnerable to XML external entity (XXE)
attacks. The Python documentation recommends the 'defusedxml' library instead if the XML being
loaded is untrusted.
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python/publish/xunit.py
Outdated
from typing import Iterable, Tuple, Union | ||
|
||
from junitparser import JUnitXml | ||
from lxml import etree |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
opt.semgrep.python.lang.security.use-defused-xml.use-defused-xml: Found use of the native Python XML libraries, which is vulnerable to XML external entity (XXE)
attacks. The Python documentation recommends the 'defusedxml' library instead if the XML being
loaded is untrusted.
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
This comment has been minimized.
This comment has been minimized.
Test Results (Linux 22.04 python installed) 69 files ± 0 69 suites ±0 27m 25s ⏱️ + 3m 55s Results for commit fc8cfbe. ± Comparison against base commit 7d18cf0. ♻️ This comment has been updated with latest results. |
8af4c8b
to
c1fd6af
Compare
python/test/test_trx.py
Outdated
import pathlib | ||
import unittest | ||
|
||
from lxml import etree |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
blacklist: Using etree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace etree with the equivalent defusedxml package.
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python/test/test_xunit.py
Outdated
class TestXunit(unittest.TestCase): | ||
def test_transform(self): | ||
result_file = str(test_files_path / 'xunit.xml') | ||
trx = etree.parse(str(result_file)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
blacklist: Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python/test/test_trx.py
Outdated
|
||
def test_transform(self): | ||
result_file = str(test_files_path / 'mstest.trx') | ||
trx = etree.parse(str(result_file)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
blacklist: Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python/test/test_xunit.py
Outdated
import pathlib | ||
import unittest | ||
|
||
from lxml import etree |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
blacklist: Using etree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace etree with the equivalent defusedxml package.
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python/test/test_utils.py
Outdated
locale.setlocale(locale.LC_ALL, encoding) | ||
locale_set = True | ||
break | ||
except: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
try_except_pass: Try, Except, Pass detected.
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
|
||
base=$(dirname "$0") | ||
|
||
python $base/../test_junit.py |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SC2086: Double quote to prevent globbing and word splitting.
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
|
||
python $base/../test_junit.py | ||
python $base/../test_nunit.py | ||
python $base/../test_xunit.py |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SC2086: Double quote to prevent globbing and word splitting.
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
base=$(dirname "$0") | ||
|
||
python $base/../test_junit.py | ||
python $base/../test_nunit.py |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SC2086: Double quote to prevent globbing and word splitting.
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
python $base/../test_junit.py | ||
python $base/../test_nunit.py | ||
python $base/../test_xunit.py | ||
python $base/../test_trx.py |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SC2086: Double quote to prevent globbing and word splitting.
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
This comment has been minimized.
This comment has been minimized.
3335dd0
to
8d0e0ba
Compare
This comment has been minimized.
This comment has been minimized.
36c4754
to
57463e0
Compare
8d0e0ba
to
d349dcb
Compare
This comment has been minimized.
This comment has been minimized.
d349dcb
to
77b34ae
Compare
This comment has been minimized.
This comment has been minimized.
77b34ae
to
3f711a9
Compare
This comment has been minimized.
This comment has been minimized.
3f711a9
to
336aa65
Compare
This comment has been minimized.
This comment has been minimized.
336aa65
to
fc8cfbe
Compare
No description provided.