Pleasing black

Author: Lucas-C

fpdf/fpdf.py

@@ -2732,11 +2732,15 @@ def image(
         if isinstance(name, str):
             img = None
         elif isinstance(name, Image.Image):
-            name, img = hashlib.md5(name.tobytes()).hexdigest(), name  # nosec B303,B324 # we just build a cache key, this is secure
+            bytes = name.tobytes()
+            # disabling bandit rule as we just build a cache key, this is secure
+            name, img = hashlib.md5(bytes).hexdigest(), name  # nosec B303 B324
         elif isinstance(name, io.BytesIO):
             if _is_xml(name):
                 return self._vector_image(name, x, y, w, h, link, title, alt_text)
-            name, img = hashlib.md5(name.getvalue()).hexdigest(), name  # nosec B303,B324 # we just build a cache key, this is secure
+            bytes = name.getvalue()
+            # disabling bandit rule as we just build a cache key, this is secure
+            name, img = hashlib.md5(bytes).hexdigest(), name  # nosec B303 B324
         else:
             name, img = str(name), name
         info = self.images.get(name)

fpdf/image_parsing.py

@@ -22,7 +22,8 @@ def load_image(filename):
         return filename
     # by default loading from network is allowed for all images
     if filename.startswith(("http://", "https://")):
-        with urlopen(filename) as url_file:  # nosec B310 # permitted schemes are whitelisted
+        # disabling bandit rule as permitted schemes are whitelisted:
+        with urlopen(filename) as url_file:  # nosec B310
             return BytesIO(url_file.read())
     elif filename.startswith("data"):
         return _decode_base64_image(filename)

test/image/test_vector_image.py

@@ -60,6 +60,7 @@ def test_svg_image_from_bytesio(tmp_path):
 
 
 def test_svg_image_billion_laughs():
+    "cf. https://pypi.org/project/defusedxml/#attack-vectors"
     pdf = fpdf.FPDF()
     pdf.add_page()
     with pytest.raises(EntitiesForbidden):