from xml.sax.saxutils import escape
from xml.sax.saxutils import quoteattr
These two imports are flagged as Severity: Low, Confidence: High, and the instructions are to use the equivalent defusedxml package.
- I do not believe these imports to be insecure as they are simple text substitutions.
- There is no defusedxml equivalent.
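Added illustration, not part of the original report, of why these two functions are output encoders rather than parsers: they only substitute characters in a string, so none of the entity-expansion or external-entity problems that defusedxml exists to mitigate can occur. The helper names build_element and roundtrip and the sample values are assumptions made for this example.

```python
from xml.sax.saxutils import escape, quoteattr
import xml.etree.ElementTree as ET


def build_element(tag, attrs, text):
    """Serialise one XML element from untrusted attribute values and text.

    escape() and quoteattr() are plain string substitutions: they never
    parse their input, so the parser-side issues defusedxml guards
    against (entity expansion, external entities) cannot arise here.
    """
    parts = [tag]
    for name, value in attrs.items():
        # quoteattr escapes &, <, >, tab/newline/CR and chooses a quote
        # style so the value cannot break out of the attribute.
        parts.append("%s=%s" % (name, quoteattr(value)))
    # escape handles &, < and > in character data.
    return "<%s>%s</%s>" % (" ".join(parts), escape(text), tag)


def roundtrip(tag, attrs, text):
    """Parse the serialised element back and return (attrs, text).

    The input to the parser is our own trusted output, not user data;
    the point is to show that the untrusted values survive intact.
    """
    elem = ET.fromstring(build_element(tag, attrs, text))
    return dict(elem.attrib), elem.text


# Constructed sample input (hypothetical) resembling hostile user data.
UNTRUSTED_ATTR = 'x" onclick="alert(1)'
UNTRUSTED_TEXT = "<script>&</script>"

if __name__ == "__main__":
    print(build_element("item", {"title": UNTRUSTED_ATTR}, UNTRUSTED_TEXT))
    print(roundtrip("item", {"title": UNTRUSTED_ATTR}, UNTRUSTED_TEXT))
```

Run it directly: the serialised element keeps the hostile attribute value inside a single-quoted attribute and the text as entity-escaped character data, and parsing it back yields exactly the original strings.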
Expected behavior
Do not mark escape and quoteattr as vulnerable.
Bandit version
bandit 1.5.1
python version = 3.6.3 (default, Apr 26 2018, 13:16:02) [GCC 4.4.7 20120313 (Red Hat 4.4.7-18)]