Skip to content

Commit

Permalink
Use defusedxml for untrusted xml data in deserialization (#2829)
Browse files Browse the repository at this point in the history
  • Loading branch information
@msyyc
msyyc authored Sep 10, 2024
1 parent db304e9 commit 2005007
Show file tree
Hide file tree
Showing 138 changed files with 144 additions and 137 deletions.
7 changes: 7 additions & 0 deletions .chronus/changes/fix-xml-2024-8-10-11-42-32.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
---
changeKind: fix
packages:
- "@azure-tools/typespec-python"
---

Fix bandit error in serialization
2 changes: 1 addition & 1 deletion packages/typespec-python/generator/pygen/codegen/templates/model_base.py.jinja2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...c-python/test/azure/generated/authentication-api-key/authentication/apikey/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...test/azure/generated/authentication-http-custom/authentication/http/custom/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...ec-python/test/azure/generated/authentication-oauth2/authentication/oauth2/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...spec-python/test/azure/generated/authentication-union/authentication/union/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...azure-client-generator-core-access/specs/azure/clientgenerator/core/access/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...tor-core-flatten-property/specs/azure/clientgenerator/core/flattenproperty/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...d/azure-client-generator-core-usage/specs/azure/clientgenerator/core/usage/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...pespec-python/test/azure/generated/azure-core-basic/specs/azure/core/basic/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...test/azure/generated/azure-core-lro-standard/specs/azure/core/lro/standard/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...pespec-python/test/azure/generated/azure-core-model/specs/azure/core/model/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...typespec-python/test/azure/generated/azure-core-page/specs/azure/core/page/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...spec-python/test/azure/generated/azure-core-scalar/specs/azure/core/scalar/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...spec-python/test/azure/generated/azure-core-traits/specs/azure/core/traits/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...-python/test/azure/generated/azure-example-basic/specs/azure/example/basic/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...-managed-identity/azure/resourcemanager/models/commontypes/managedidentity/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...e-resource-manager-models-resources/azure/resourcemanager/models/resources/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...-special-headers-client-request-id/azure/specialheaders/xmsclientrequestid/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...s/typespec-python/test/azure/generated/azurecore-lro-rpc/azurecore/lro/rpc/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion packages/typespec-python/test/azure/generated/client-naming/client/naming/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...hon/test/azure/generated/client-structure-default/client/structure/service/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion .../azure/generated/client-structure-multiclient/client/structure/multiclient/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...erated/client-structure-renamedoperation/client/structure/renamedoperation/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...ated/client-structure-twooperationgroup/client/structure/twooperationgroup/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion packages/typespec-python/test/azure/generated/encode-bytes/encode/bytes/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion packages/typespec-python/test/azure/generated/encode-datetime/encode/datetime/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion packages/typespec-python/test/azure/generated/encode-duration/encode/duration/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion packages/typespec-python/test/azure/generated/encode-numeric/encode/numeric/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...typespec-python/test/azure/generated/headasbooleanfalse/headasbooleanfalse/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...s/typespec-python/test/azure/generated/headasbooleantrue/headasbooleantrue/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...ges/typespec-python/test/azure/generated/parameters-basic/parameters/basic/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...est/azure/generated/parameters-body-optionality/parameters/bodyoptionality/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...t/azure/generated/parameters-collection-format/parameters/collectionformat/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...s/typespec-python/test/azure/generated/parameters-spread/parameters/spread/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...est/azure/generated/payload-content-negotiation/payload/contentnegotiation/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...ython/test/azure/generated/payload-json-merge-patch/payload/jsonmergepatch/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion .../typespec-python/test/azure/generated/payload-media-type/payload/mediatype/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...s/typespec-python/test/azure/generated/payload-multipart/payload/multipart/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...ges/typespec-python/test/azure/generated/payload-pageable/payload/pageable/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion packages/typespec-python/test/azure/generated/payload-xml/payload/xml/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...-python/test/azure/generated/resiliency-srv-driven1/resiliency/srv/driven1/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion ...-python/test/azure/generated/resiliency-srv-driven2/resiliency/srv/driven2/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
2 changes: 1 addition & 1 deletion packages/typespec-python/test/azure/generated/routes/routes/_model_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@ def _deserialize_xml(
deserializer: typing.Any,
value: str,
) -> typing.Any:
element = ET.fromstring(value)
element = ET.fromstring(value) # nosec
return _deserialize(deserializer, element)


Expand Down
Loading

0 comments on commit 2005007

Please sign in to comment.