Using xmlrpc is potentially unsafe and defusedxml.xmlrpc should be used instead.
We should enhance the existing use-defusedxml codemod to replace calls to xmlrpc with defusedxml.xmlrpc.
See this Semgrep rule for an example of the kinds of patterns we should detect and replace: https://semgrep.dev/r?q=python.lang.security.use-defused-xmlrpc.use-defused-xmlrpc
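
A sketch of the detection half of such a codemod, added here as an example (it is not the project's code or the Semgrep rule): it walks a module's AST, reports imports of the standard-library `xmlrpc` package, and treats the file as remediated when it calls `defusedxml.xmlrpc.monkey_patch()`. The function names and the two sample modules are constructed for illustration, and `ast.unparse` requires Python 3.9 or later.

```python
import ast

def find_xmlrpc_imports(source):
    """Return sorted (lineno, module) pairs for imports of the stdlib xmlrpc package."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.level == 0 and node.module:
            names = [node.module]
        else:
            continue
        for name in names:
            # Match "xmlrpc" and its submodules only; "defusedxml.xmlrpc"
            # and lookalike packages such as "xmlrpclib2" are not flagged.
            if name == "xmlrpc" or name.startswith("xmlrpc."):
                hits.append((node.lineno, name))
    return sorted(hits)

def calls_monkey_patch(source):
    """True if the module calls defusedxml.xmlrpc.monkey_patch(), directly or via from-import."""
    tree = ast.parse(source)
    patch_names = {"defusedxml.xmlrpc.monkey_patch"}
    for node in ast.walk(tree):
        if isinstance(node, ast.ImportFrom) and node.module == "defusedxml.xmlrpc":
            # Track local names bound to monkey_patch, including "as" aliases.
            patch_names.update(a.asname or a.name for a in node.names
                               if a.name == "monkey_patch")
    return any(isinstance(n, ast.Call) and ast.unparse(n.func) in patch_names
               for n in ast.walk(tree))

def audit(source):
    """Return the xmlrpc imports in a module that no monkey_patch() call covers."""
    return [] if calls_monkey_patch(source) else find_xmlrpc_imports(source)

# Constructed sample modules (not taken from any real project).
UNPATCHED = '''import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCServer

proxy = xmlrpc.client.ServerProxy("https://rpc.example.invalid/")
'''
PATCHED = '''import xmlrpc.client
from defusedxml.xmlrpc import monkey_patch

monkey_patch()
proxy = xmlrpc.client.ServerProxy("https://rpc.example.invalid/")
'''

if __name__ == "__main__":
    for lineno, module in audit(UNPATCHED):
        print(f"line {lineno}: {module} imported without defusedxml.xmlrpc.monkey_patch()")
```

The check is per file, while `monkey_patch()` takes effect process-wide, so a project that patches once at startup would still be flagged in its other modules and needs an allowlist or a whole-project pass.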