feat!: de/serialize with cattrs #934
9 new security issues (1 max.).
Here is an overview of what got changed by this pull request:
Issues
======
- Added 9
Complexity increasing per file
==============================
- cyclonedx/model/bom_ref.py 1
- cyclonedx/model/bom.py 20
- cyclonedx/output/xml.py 402
- cyclonedx/output/json.py 69
Complexity decreasing per file
==============================
+ cyclonedx/model/service.py -23
+ cyclonedx/model/vulnerability.py -94
+ cyclonedx/model/component.py -129
+ cyclonedx/model/release_note.py -26
+ cyclonedx/model/dependency.py -11
+ cyclonedx/model/issue.py -18
+ cyclonedx/serialization/__init__.py -2
+ cyclonedx/model/__init__.py -82
+ cyclonedx/model/license.py -36
+ cyclonedx/model/crypto.py -115
+ cyclonedx/model/contact.py -24
+ cyclonedx/model/tool.py -36
+ cyclonedx/model/lifecycle.py -26
+ cyclonedx/model/definition.py -37
+ cyclonedx/model/component_evidence.py -102
Clones added
============
- cyclonedx/model/service.py 4
- cyclonedx/model/vulnerability.py 7
- cyclonedx/model/release_note.py 3
- cyclonedx/model/dependency.py 1
- cyclonedx/model/issue.py 3
- cyclonedx/output/xml.py 4
- cyclonedx/output/json.py 2
- cyclonedx/model/__init__.py 12
- cyclonedx/model/crypto.py 13
- cyclonedx/model/contact.py 4
- cyclonedx/model/tool.py 1
- cyclonedx/model/lifecycle.py 2
Clones removed
==============
+ cyclonedx/model/component.py -11
+ cyclonedx/model/bom.py -10
+ cyclonedx/model/license.py -6
+ cyclonedx/model/definition.py -2
Annotations
===========
- cyclonedx/model/bom.py#L658 (codacy-production / Codacy Static Code Analysis): Using Element to parse untrusted XML data is known to be vulnerable to XML attacks. Replace Element with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
- cyclonedx/model/bom.py#L663 (codacy-production / Codacy Static Code Analysis): Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called.
- cyclonedx/model/bom.py#L666 (codacy-production / Codacy Static Code Analysis): Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called.
- cyclonedx/model/bom.py#L694 (codacy-production / Codacy Static Code Analysis): Using Element to parse untrusted XML data is known to be vulnerable to XML attacks. Replace Element with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
- cyclonedx/model/crypto.py#L439 (codacy-production / Codacy Static Code Analysis): Possible hardcoded password: 'secret-key'
- cyclonedx/model/crypto.py#L448 (codacy-production / Codacy Static Code Analysis): Possible hardcoded password: 'shared-secret'
- cyclonedx/model/crypto.py#L451 (codacy-production / Codacy Static Code Analysis): Possible hardcoded password: 'password'
- cyclonedx/model/crypto.py#L453 (codacy-production / Codacy Static Code Analysis): Possible hardcoded password: 'token'
- cyclonedx/output/xml.py#L930 (codacy-production / Codacy Static Code Analysis): Using register_namespace to parse untrusted XML data is known to be vulnerable to XML attacks. Replace register_namespace with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.