SonarCloud falls into S5332 when I use the zeep package and try to cache MIME data

I use the Python Zeep package, and when I load the WSDL the package makes a request to

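```python
from zeep import Client, Settings

# Lenient parsing, raw HTTP responses, and no size limit on the XML tree
settings = Settings(strict=False, raw_response=True, xml_huge_tree=True)
wsdl = "local_repositoryservices.wsdl"
client = Client(wsdl, settings=settings)
```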

Fall into:
2023-12-04T14:06:04.923618+00:00 INFO - - - - HTTP Request: GET http://www.w3.org/2005/05/xmlmime "HTTP/1.1 301 Moved Permanently" - - -

To not fall into this, I use a cache:

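```python
from zeep import Client
from zeep.cache import SqliteCache
from zeep.transports import AsyncTransport

# timeout=None keeps the cached entries from expiring
cache = SqliteCache(path='path_where_to_create_cache', timeout=None)
# Pre-seed the xmlmime schema under both URL schemes;
# xml_mime_type is the poster's own helper module (not shown)
cache.add(
    "https://www.w3.org/2005/05/xmlmime", xml_mime_type.return_xml_mime()
)
cache.add(
    "http://www.w3.org/2005/05/xmlmime", xml_mime_type.return_xml_mime()
)
transport = AsyncTransport(cache=cache)
# wsdl and settings are the values defined earlier in the post
client = Client(wsdl=wsdl, settings=settings, transport=transport)
```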

SonarCloud is right that I use http, but I am not using it for a request to this link. Is there any option to deal with this?

Hi,

Welcome to the community and thanks for this report!

S5332 is a Security Hotspot rule. Security Hotspots are things that might be a problem, or they might not, depending on context. In your context, it’s fine, so you should feel comfortable marking it safe.

 
HTH,
Ann

1 Like
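
An added example (not from the thread, and not zeep or SonarCloud code) of one way to back up a "safe" review of this hotspot: list every `http://` location a local WSDL asks a loader to fetch and confirm each one is pre-seeded in the cache. The function name, the sample WSDL and the `example.test` host are constructed, and it assumes the request in the log comes from an `xsd:import` `schemaLocation`.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlparse

XSD = "http://www.w3.org/2001/XMLSchema"
WSDL = "http://schemas.xmlsoap.org/wsdl/"

# Attributes that name a document to load. xmlns declarations and namespace=
# values are names, not locations, so they are not collected here.
FETCH_ATTRS = {
    f"{{{XSD}}}import": "schemaLocation",
    f"{{{XSD}}}include": "schemaLocation",
    f"{{{XSD}}}redefine": "schemaLocation",
    f"{{{WSDL}}}import": "location",
}

def cleartext_fetches(wsdl_text, seeded_urls, base_url=""):
    """Return http:// locations referenced by the document that are not pre-seeded."""
    seeded = set(seeded_urls)
    findings = []
    # Intended for a trusted, local WSDL file (as in the question).
    for elem in ET.fromstring(wsdl_text).iter():
        attr = FETCH_ATTRS.get(elem.tag)
        location = elem.get(attr) if attr else None
        if not location:
            continue
        url = urljoin(base_url, location)  # relative paths stay local
        if urlparse(url).scheme == "http" and url not in seeded:
            findings.append(url)
    return findings

# Constructed sample modelled on the question: a local WSDL importing xmlmime.
SAMPLE_WSDL = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xmime="http://www.w3.org/2005/05/xmlmime">
  <wsdl:types>
    <xsd:schema targetNamespace="urn:example:repo">
      <xsd:import namespace="http://www.w3.org/2005/05/xmlmime"
                  schemaLocation="http://www.w3.org/2005/05/xmlmime"/>
      <xsd:import namespace="urn:example:types"
                  schemaLocation="http://schemas.example.test/types.xsd"/>
      <xsd:import namespace="urn:example:local" schemaLocation="local.xsd"/>
    </xsd:schema>
  </wsdl:types>
</wsdl:definitions>"""

# The same two keys the question adds to its cache.
SEEDED = ["http://www.w3.org/2005/05/xmlmime", "https://www.w3.org/2005/05/xmlmime"]

if __name__ == "__main__":
    for url in cleartext_fetches(SAMPLE_WSDL, SEEDED):
        print("unseeded clear-text fetch:", url)
```

An empty result for the real WSDL means every clear-text location is served from the cache.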

Hi, thanks for the update. Regards