suspicious-xmlrpc-import (S411)
Preview (since v0.1.12) · Related issues · View source
Derived from the flake8-bandit linter.
This rule is unstable and in preview. The --preview flag is required for use.
What it does
Checks for imports of the xmlrpc module.
Why is this bad?
XMLRPC is a particularly dangerous XML module, as it is also concerned with
communicating data over a network. Use the defused.xmlrpc.monkey_patch()
function to monkey-patch the xmlrpclib module and mitigate remote XML
attacks.