refactor(ox): be more defensive

helmut-hoffer-von-ankershoffen · helmut-hoffer-von-ankershoffen · commit a7fde72fe287 · 2025-11-02T09:43:44.000+01:00
diff --git a/pyproject.toml b/pyproject.toml
@@ -99,6 +99,7 @@ dependencies = [
     "aiopath>=0.6.11,<1",
     "boto3>=1.40.64,<2",
     "certifi>=2025.10.5,<2026",
+    "defusedxml>=0.7.1",
     "dicom-validator>=0.7.3,<1",
     "dicomweb-client[gcp]>=0.59.3,<1",
     "duckdb>=0.10.0,<=1.4.1",
diff --git a/src/aignostics/qupath/_service.py b/src/aignostics/qupath/_service.py
@@ -707,7 +707,7 @@ def _extract_qupath(  # noqa: C901, PLR0912, PLR0915
                             f"cat '{payload_path.resolve()!s}' | gunzip -dc | cpio -i",
                         ]
                         if platform.system() == "Darwin"
-                        else ["7z", "x", str(payload_path.resolve()), "-o" + str(payload_extract_dir.resolve())]
+                        else ["7z", "x", str(payload_path.resolve()), f"-o{payload_extract_dir.resolve()!s}"]
                     )
                     subprocess.run(  # noqa: S603
                         command,
diff --git a/src/aignostics/third_party/showinfm/showinfm.py b/src/aignostics/third_party/showinfm/showinfm.py
@@ -343,7 +343,12 @@ def show_in_file_manager(
         for d in directories:
             if verbose:
                 print("Executing Windows shell to open", d)
-            os.startfile(d)
+            # Validate path exists and is a directory before opening
+            path_obj = Path(d)
+            if path_obj.exists() and path_obj.is_dir():
+                os.startfile(d)  # noqa: S606
+            elif verbose:
+                print(f"Skipping invalid or non-directory path: {d}", file=sys.stderr)
     else:
         if uris_and_paths:
             # Some file managers must be passed only one or zero paths / URIs
diff --git a/src/aignostics/wsi/_openslide_handler.py b/src/aignostics/wsi/_openslide_handler.py
@@ -1,9 +1,9 @@
 """Handler for wsi files using OpenSlide."""
 
-import xml.etree.ElementTree as ET  # noqa: S405
 from pathlib import Path
 from typing import Any
 
+import defusedxml.ElementTree as ET  # noqa: N817
 import openslide
 from openslide import ImageSlide, OpenSlide, open_slide
 from PIL.Image import Image
@@ -44,11 +44,10 @@ def _detect_format(self) -> str | None:
             str: The detected format of the TIFF file.
         """
         props = dict(self.slide.properties)
-
         # Check for libvips signature in XML metadata
         if TIFF_IMAGE_DESCRIPTION in props:
             try:
-                root = ET.fromstring(props[TIFF_IMAGE_DESCRIPTION])  # noqa: S314
+                root = ET.fromstring(props[TIFF_IMAGE_DESCRIPTION])
                 if root.get("xmlns") == "http://www.vips.ecs.soton.ac.uk//dzsave":
                     return "pyramidal-tiff (libvips)"
             except ET.ParseError:
@@ -87,7 +86,7 @@ def _parse_xml_image_description(self, xml_string: str) -> dict[str, Any]:  # no
             dict[str, Any]: Parsed image description as a dictionary with metadata properties.
         """
         try:
-            root = ET.fromstring(xml_string)  # noqa: S314
+            root = ET.fromstring(xml_string)
             namespace = {"ns": "http://www.vips.ecs.soton.ac.uk//dzsave"}
             image_desc: dict[str, Any] = {
                 "date": root.get("date"),
diff --git a/uv.lock b/uv.lock

Original file line number	Diff line number	Diff line change
`@@ -707,7 +707,7 @@ def _extract_qupath( # noqa: C901, PLR0912, PLR0915`
`707`	`707`	`f"cat '{payload_path.resolve()!s}' \| gunzip -dc \| cpio -i",`
`708`	`708`	`]`
`709`	`709`	`if platform.system() == "Darwin"`
`710`		`- else ["7z", "x", str(payload_path.resolve()), "-o" + str(payload_extract_dir.resolve())]`
	`710`	`+ else ["7z", "x", str(payload_path.resolve()), f"-o{payload_extract_dir.resolve()!s}"]`
`711`	`711`	`)`
`712`	`712`	`subprocess.run( # noqa: S603`
`713`	`713`	`command,`