🔒️ fix bandit warnings

1 files changed, 13 insertions, 6 deletions

diff --git a/ishtar_common/utils_secretary.py b/ishtar_common/utils_secretary.py
index 0ce4732d4..77a2cbc9b 100644
--- a/ishtar_common/utils_secretary.py
+++ b/ishtar_common/utils_secretary.py
@@ -2,8 +2,9 @@
 # -*- coding: utf-8 -*-
 import re
 from secretary import Renderer
-from lxml import etree
-from xml.dom.minidom import parseString
+# source files is from admin user this should be safe
+from lxml import etree  # nosec
+from xml.dom.minidom import parseString  # nosec
 from xml.parsers.expat import ExpatError, ErrorString
 from PIL import Image
 
@@ -108,10 +109,16 @@ class IshtarSecretaryRenderer(Renderer):
             result = jinja_template.render(**kwargs)
 
             # try to fix xml with mismatched tags
-            parser = etree.XMLParser(recover=True)
-            recovered_xml = etree.fromstring(result.encode("ascii", "xmlcharrefreplace"), parser)
-
-            final_xml = parseString(etree.tostring(recovered_xml))
+            # source files is from admin user this should be safe
+            parser = etree.XMLParser(recover=True)  # nosec
+            recovered_xml = etree.fromstring(
+                result.encode("ascii", "xmlcharrefreplace"),
+                parser)
+
+            # source files is from admin user this should be safe
+            final_xml = parseString(  # nosec
+                etree.tostring(recovered_xml)
+            )
 
             if self.template_images:
                 self.replace_images(final_xml)