bandit1.7.0

S320 Using {name} to parse untrusted XML data is known to be vulnerable to XML attacks. Replace {name} with its defusedxml equivalent function.

  • lxml.etree.parse
  • lxml.etree.fromstring
  • lxml.etree.RestrictedElement
  • lxml.etree.GlobalParserTLS
  • lxml.etree.getDefaultParser
  • lxml.etree.check_docinfo