🔒️ fix bandit warnings

2 files changed, 7 insertions, 5 deletions

diff --git a/archaeological_finds/models_treatments.py b/archaeological_finds/models_treatments.py
index 69f0d9d69..ebe842ac7 100644
--- a/archaeological_finds/models_treatments.py
+++ b/archaeological_finds/models_treatments.py
@@ -18,8 +18,9 @@
 # See the file COPYING for details.
 
 import datetime
-import lxml.etree
-import lxml.builder
+# nosec: used to build a controlled XML
+import lxml.etree  # nosec
+import lxml.builder  # nosec
 import os
 import shutil
 import tempfile
diff --git a/archaeological_finds/tests.py b/archaeological_finds/tests.py
index 26e9b6dc5..f105093fd 100644
--- a/archaeological_finds/tests.py
+++ b/archaeological_finds/tests.py
@@ -2066,7 +2066,8 @@ class FindPermissionTest(FindInit, TestPermissionQuery, TestCase):
         username, password, user = create_superuser()
         self.users["superuser"] = (username, password, user)
 
-        upstream_username, upstream_password, upstream_user = create_user(
+        # nosec: hard coded password for test purposes
+        upstream_username, upstream_password, upstream_user = create_user(  # nosec
             username="up", password="up"
         )
         UserProfile.objects.create(
@@ -2121,8 +2122,8 @@ class FindPermissionTest(FindInit, TestPermissionQuery, TestCase):
         self.operations[-1].context_record.all()[0].ishtar_users.add(
             upstream_user.ishtaruser
         )
-
-        associated_username, associated_password, associated_user = create_user(
+        # nosec: hard coded password for test purposes
+        associated_username, associated_password, associated_user = create_user(  # nosec
             username="as", password="as"
         )
         UserProfile.objects.create(