Add bandit scan tool to Makefile - mark some security issue as non relevants

3 files changed, 5 insertions, 3 deletions

diff --git a/ishtar_common/data_importer.py b/ishtar_common/data_importer.py
index d63004849..ae3c8387a 100644
--- a/ishtar_common/data_importer.py
+++ b/ishtar_common/data_importer.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 # Copyright (C) 2013-2017 Étienne Loks  <etienne.loks_AT_peacefrogsDOTnet>
 
diff --git a/ishtar_common/ignf_utils.py b/ishtar_common/ignf_utils.py
index 2f167299c..94429d458 100644
--- a/ishtar_common/ignf_utils.py
+++ b/ishtar_common/ignf_utils.py
@@ -160,7 +160,8 @@ IGNF = {
 
 
 def extract_from_csv(filename):
-    tree = ET.parse(filename)
+    # nosec: parsing only used by programmer to generate previous dict from a trusted source
+    tree = ET.parse(filename)  # nosec
     root = tree.getroot()
     ns = "{http://www.isotc211.org/2005/gmx}"
     ns_gml = "{http://www.opengis.net/gml}"
diff --git a/ishtar_common/utils.py b/ishtar_common/utils.py
index 3a3c53853..91591e0b2 100644
--- a/ishtar_common/utils.py
+++ b/ishtar_common/utils.py
@@ -399,7 +399,8 @@ def get_cache(cls, extra_args=tuple(), app_label=None):
     ):
         cls._add_cache_key_to_refresh(extra_args)
     if len(cache_key) >= 250:
-        m = hashlib.md5()
+        # nosec: used for a cache key no consequence if predictable
+        m = hashlib.md5()  # nosec
         m.update(cache_key)
         cache_key = m.hexdigest()
     return cache_key, cache.get(cache_key)