diff --git a/docs/source/conf.py b/docs/source/conf.py index b773c10..0bd8b98 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -11,7 +11,7 @@ # -- Project information ----------------------------------------------------- project = 'AutoControl' -copyright = '2020 ~ Now, JE-Chen' # noqa: A001 # reason: Sphinx-required name +copyright = '2020 ~ Now, JE-Chen' # noqa: A001 # pylint: disable=redefined-builtin # reason: Sphinx-required name author = 'JE-Chen' release = '0.0.179' diff --git a/je_auto_control/utils/clipboard/clipboard.py b/je_auto_control/utils/clipboard/clipboard.py index bf28980..0f81ebd 100644 --- a/je_auto_control/utils/clipboard/clipboard.py +++ b/je_auto_control/utils/clipboard/clipboard.py @@ -143,6 +143,7 @@ def _linux_get() -> str: if cmd is None: raise RuntimeError("Install xclip or xsel for Linux clipboard support") read_cmd = cmd + ["-o"] if cmd[0] == "xclip" else cmd + ["--output"] + # nosemgrep: python.lang.security.audit.dangerous-subprocess-use-audit.dangerous-subprocess-use-audit result = subprocess.run( # nosec B603 # reason: argv from allowlist (xclip/xsel) discovered via shutil.which read_cmd, capture_output=True, check=True, timeout=5, ) @@ -154,6 +155,7 @@ def _linux_set(text: str) -> None: if cmd is None: raise RuntimeError("Install xclip or xsel for Linux clipboard support") write_cmd = cmd + ["-i"] if cmd[0] == "xclip" else cmd + ["--input"] + # nosemgrep: python.lang.security.audit.dangerous-subprocess-use-audit.dangerous-subprocess-use-audit subprocess.run( # nosec B603 # reason: argv from allowlist (xclip/xsel) discovered via shutil.which write_cmd, input=text.encode("utf-8"), check=True, timeout=5, diff --git a/je_auto_control/utils/rest_api/rest_server.py b/je_auto_control/utils/rest_api/rest_server.py index 237fd08..e6590db 100644 --- a/je_auto_control/utils/rest_api/rest_server.py +++ b/je_auto_control/utils/rest_api/rest_server.py @@ -25,9 +25,9 @@ class _JSONHandler(BaseHTTPRequestHandler): server_version = "AutoControlREST/1.0" # Suppress default stderr access logs — route through the project logger. - def log_message(self, fmt: str, *args: Any) -> None: + def log_message(self, format, *args) -> None: # noqa: A002 # pylint: disable=redefined-builtin # reason: stdlib BaseHTTPRequestHandler override autocontrol_logger.info("rest-api %s - %s", - self.address_string(), fmt % args) + self.address_string(), format % args) def do_GET(self) -> None: # noqa: N802 # reason: stdlib API parsed = urlparse(self.path) diff --git a/je_auto_control/utils/shell_process/shell_exec.py b/je_auto_control/utils/shell_process/shell_exec.py index fc2e11c..ad3fb55 100644 --- a/je_auto_control/utils/shell_process/shell_exec.py +++ b/je_auto_control/utils/shell_process/shell_exec.py @@ -51,6 +51,7 @@ def exec_shell(self, shell_command: Union[str, List[str]]) -> None: try: self.exit_program() args = _normalize_command(shell_command) + # nosemgrep: python.lang.security.audit.dangerous-subprocess-use-audit.dangerous-subprocess-use-audit self.process = subprocess.Popen( # nosec B603 # reason: shell=False, argv list validated via _normalize_command args, stdout=subprocess.PIPE, diff --git a/test/unit_test/headless/test_rest_server.py b/test/unit_test/headless/test_rest_server.py index 8f37634..db28d0d 100644 --- a/test/unit_test/headless/test_rest_server.py +++ b/test/unit_test/headless/test_rest_server.py @@ -16,9 +16,12 @@ def rest_server(): server.stop(timeout=1.0) +_TEST_SCHEME = "http" # NOSONAR: S5332 # reason: localhost-only ephemeral test server; TLS is out of scope here + + def _request(server, path, method="GET", body=None): host, port = server.address - url = f"http://{host}:{port}{path}" + url = f"{_TEST_SCHEME}://{host}:{port}{path}" data = None headers = {} if body is not None: