bandit1.7.0

S314 Using {name} to parse untrusted XML data is known to be vulnerable to XML attacks. Replace {name} with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called

  • xml.etree.ElementTree.parse
  • xml.etree.ElementTree.iterparse
  • xml.etree.ElementTree.fromstring
  • xml.etree.ElementTree.XMLParser