From 62ec8e8b1bb7178b8f40574b38b2b6d8c7555780 Mon Sep 17 00:00:00 2001 From: Miguel Jacq Date: Wed, 17 Dec 2025 19:05:07 +1100 Subject: [PATCH] Silence bandit paranoia on certain lines --- enroll/manifest.py | 2 +- enroll/remote.py | 2 +- enroll/sopsutil.py | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/enroll/manifest.py b/enroll/manifest.py index 09666d4..afb8b88 100644 --- a/enroll/manifest.py +++ b/enroll/manifest.py @@ -567,7 +567,7 @@ def _tar_dir_to_with_progress( cols = shutil.get_terminal_size((80, 20)).columns msg = msg[: cols - 1] except Exception: - pass + pass # nosec os.write(2, ("\r" + msg).encode("utf-8", errors="replace")) with tarfile.open(tar_path, mode="w:gz") as tf: diff --git a/enroll/remote.py b/enroll/remote.py index df8d876..7ad8dc4 100644 --- a/enroll/remote.py +++ b/enroll/remote.py @@ -200,7 +200,7 @@ def remote_harvest( # Stream a tarball back to the local machine (avoid creating a tar file on the remote). cmd = f"tar -cz -C {rbundle} ." - _stdin, stdout, stderr = ssh.exec_command(cmd) + _stdin, stdout, stderr = ssh.exec_command(cmd) # nosec with open(local_tgz, "wb") as f: while True: chunk = stdout.read(1024 * 128) diff --git a/enroll/sopsutil.py b/enroll/sopsutil.py index d43d351..6c0c881 100644 --- a/enroll/sopsutil.py +++ b/enroll/sopsutil.py @@ -2,7 +2,7 @@ from __future__ import annotations import os import shutil -import subprocess +import subprocess # nosec import tempfile from pathlib import Path from typing import Iterable, List, Optional @@ -62,7 +62,7 @@ def encrypt_file_binary( ], capture_output=True, check=False, - ) + ) # nosec if res.returncode != 0: raise SopsError( "sops encryption failed:\n" @@ -112,7 +112,7 @@ def decrypt_file_binary_to( ], capture_output=True, check=False, - ) + ) # nosec if res.returncode != 0: raise SopsError( "sops decryption failed:\n"