[Git][reproducible-builds/diffoscope][master] 2 commits: Remove unused logging facility from a few comparators.

Chris Lamb (@lamby) gitlab at salsa.debian.org
Wed Jan 15 14:59:09 UTC 2025 


Chris Lamb pushed to branch master at Reproducible Builds / diffoscope


Commits:
2836c788 by Chris Lamb at 2025-01-15T14:53:08+00:00
Remove unused logging facility from a few comparators.

- - - - -
53ac5370 by Chris Lamb at 2025-01-15T14:58:56+00:00
Print a warning if we have disabled XML comparisons due to a potentially vulnerable version of pyexpat.

- - - - -


3 changed files:

- diffoscope/comparators/symlink.py
- diffoscope/comparators/xar.py
- diffoscope/comparators/xml.py


Changes:

=====================================
diffoscope/comparators/symlink.py
=====================================
@@ -18,15 +18,12 @@
 # along with diffoscope.  If not, see <https://www.gnu.org/licenses/>.
 
 import os
-import logging
 
 from diffoscope.tempfiles import get_named_temporary_file
 from diffoscope.difference import Difference
 
 from .utils.file import File
 
-logger = logging.getLogger(__name__)
-
 
 class Symlink(File):
     DESCRIPTION = "symlinks"


=====================================
diffoscope/comparators/xar.py
=====================================
@@ -18,7 +18,6 @@
 # along with diffoscope.  If not, see <https://www.gnu.org/licenses/>.
 import hashlib
 import re
-import logging
 import struct
 import xml.etree.ElementTree as ET
 import zlib
@@ -28,8 +27,6 @@ from .utils.file import File
 from .utils.archive import Archive
 from diffoscope.difference import Difference
 
-logger = logging.getLogger(__name__)
-
 
 class XarContainer(Archive):
     def get_member_names(self):


=====================================
diffoscope/comparators/xml.py
=====================================
@@ -19,6 +19,7 @@
 
 import re
 import pyexpat
+import logging
 
 from xml.parsers.expat import ExpatError
 
@@ -60,6 +61,13 @@ def is_vulnerable_xml_parser():
     return pyexpat_version < (2, 6, 0)
 
 
+logger = logging.getLogger(__name__)
+if is_vulnerable_xml_parser():
+    logger.warning(
+        "Vulnerable version of pyexpat detected; disabling comparison of XML documents. Install defusedxml or upgrade your pyexpat."
+    )
+
+
 def _format(node):
     """
     Removes *inplace* spaces from minidom.Document



View it on GitLab: https://salsa.debian.org/reproducible-builds/diffoscope/-/compare/c8cd8ee45f6fe5029a6d5cae586d8ceda20ee8b3...53ac53706959053abf050d4cc90c456d8aa2e763

-- 
View it on GitLab: https://salsa.debian.org/reproducible-builds/diffoscope/-/compare/c8cd8ee45f6fe5029a6d5cae586d8ceda20ee8b3...53ac53706959053abf050d4cc90c456d8aa2e763
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20250115/14ae77b3/attachment.htm>

More information about the rb-commits mailing list