From 8fa57881d12d690d39cc81fc8bf393b569a4113c Mon Sep 17 00:00:00 2001
From: Takashi Kajinami
Date: Fri, 22 Dec 2023 02:47:33 +0900
Subject: [PATCH] defusedxml: Show correct module name (#1081)

The module name described in the warning message is incomplete and confusing.
---
 bandit/blacklists/imports.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/bandit/blacklists/imports.py b/bandit/blacklists/imports.py
index cca7a4462..58dfcb3c7 100644
--- a/bandit/blacklists/imports.py
+++ b/bandit/blacklists/imports.py
@@ -146,8 +146,8 @@
 ----------------------
 
 XMLRPC is particularly dangerous as it is also concerned with communicating
-data over a network. Use defused.xmlrpc.monkey_patch() function to monkey-patch
-xmlrpclib and mitigate remote XML attacks.
+data over a network. Use defusedxml.xmlrpc.monkey_patch() function to
+monkey-patch xmlrpclib and mitigate remote XML attacks.
 
 +------+---------------------+------------------------------------+-----------+
 | ID | Name | Imports | Severity |
@@ -376,7 +376,7 @@ def gen_blacklist():
 issue.Cwe.IMPROPER_INPUT_VALIDATION,
 ["xmlrpc"],
 "Using {name} to parse untrusted XML data is known to be "
- "vulnerable to XML attacks. Use defused.xmlrpc.monkey_patch() "
+ "vulnerable to XML attacks. Use defusedxml.xmlrpc.monkey_patch() "
 "function to monkey-patch xmlrpclib and mitigate XML "
 "vulnerabilities.",
 "HIGH",
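Review bot: The corrected text in both hunks still tells users to patch `xmlrpclib`, the Python 2 module name, while the blacklist entry visible in the second hunk matches the import `["xmlrpc"]`. A reader on Python 3 will not find an `xmlrpclib` module, so the remediation stays partly confusing even with the `defusedxml` prefix fixed. I would reword the message line as `"function to monkey-patch xmlrpc and mitigate XML "` and the docstring line as `monkey-patch xmlrpc and mitigate remote XML attacks.`, assuming the project no longer targets Python 2, which the hunks do not show. gen_blacklist() starts and ends outside the second hunk, so whether other entries carry the same wording cannot be checked from here.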