Skip to content

Remove # nosec comments from Python SDK templates #9206

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
iscai-msft merged 4 commits into from
Dec 16, 2025
+21 −3
Merged

Remove # nosec comments from Python SDK templates #9206

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
2c1ea70
Initial plan
Copilot Dec 15, 2025
ef11a8f
fix
msyyc Dec 15, 2025
b4f772a
Merge branch 'main' into copilot/remove-nosec-from-python-sdk
msyyc Dec 16, 2025
c9d6e02
Merge branch 'main' into copilot/remove-nosec-from-python-sdk
msyyc Dec 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions .chronus/changes/remove-nosec-python-2025-12-15-08-18-52.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
---
changeKind: fix
packages:
- "@typespec/http-client-python"
---

Remove `# nosec` comments from Python SDK to avoid security confusion
17 changes: 14 additions & 3 deletions packages/http-client-python/generator/pygen/codegen/templates/serialization.py.jinja2
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -817,13 +817,20 @@ class Serializer: # pylint: disable=too-many-public-methods
:param str data_type: Type of object in the iterable.
:rtype: str, int, float, bool
:return: serialized object
:raises TypeError: raise if data_type is not one of str, int, float, bool.
"""
custom_serializer = cls._get_custom_serializers(data_type, **kwargs)
if custom_serializer:
return custom_serializer(data)
if data_type == "str":
return cls.serialize_unicode(data)
return eval(data_type)(data) # nosec # pylint: disable=eval-used
if data_type == "int":
return int(data)
if data_type == "float":
return float(data)
if data_type == "bool":
return bool(data)
raise TypeError("Unknown basic data type: {}".format(data_type))

@classmethod
def serialize_unicode(cls, data):
Expand Down Expand Up @@ -1753,7 +1760,7 @@ class Deserializer:
:param str data_type: deserialization data type.
:return: Deserialized basic type.
:rtype: str, int, float or bool
:raises TypeError: if string format is not valid.
:raises TypeError: if string format is not valid or data_type is not one of str, int, float, bool.
"""
# If we're here, data is supposed to be a basic type.
# If it's still an XML node, take the text
Expand All @@ -1779,7 +1786,11 @@ class Deserializer:

if data_type == "str":
return self.deserialize_unicode(attr)
return eval(data_type)(attr) # nosec # pylint: disable=eval-used
if data_type == "int":
return int(attr)
if data_type == "float":
return float(attr)
raise TypeError("Unknown basic data type: {}".format(data_type))

@staticmethod
def deserialize_unicode(data):
Expand Down
Loading