From ee7a2409fbf6d16e6fd65f0d227b0da8f0b8561e Mon Sep 17 00:00:00 2001 From: Thomas Bachman Date: Mon, 20 May 2024 15:48:54 +0000 Subject: [PATCH] Address static analysis issues This patch is meant to address false-positive issues found by running the bandit static analysis tool. Most of the issues flagged were false positives, so the 'nosec' keyword has been added to the instances in order to allow bandit checks to pass. The one true positive was an except-always condition, which has been reduced to only continue for IOError cases. Change-Id: Ib9c51377544ca2dc7789a8eaabf9c432c579e00e --- gbpclient/gbp/v2_0/purge.py | 7 +++++-- tools/install_venv_common.py | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/gbpclient/gbp/v2_0/purge.py b/gbpclient/gbp/v2_0/purge.py index f364eea..3668d15 100644 --- a/gbpclient/gbp/v2_0/purge.py +++ b/gbpclient/gbp/v2_0/purge.py @@ -11,6 +11,7 @@ # under the License. # +import errno import re import sys @@ -73,12 +74,14 @@ class Purge(n_purge.Purge): sys.stdout.write("\rPurging resources: %d%% complete." % percent_complete) sys.stdout.flush() - except Exception: + except IOError as e: # A broken pipe IOError exception might get thrown if # invoked from our MD's keystone tenant delete handler # code. We should just ignore that then continue to # purge the rest of the resources. - continue + if e.errno == errno.EPIPE: + continue + return (deleted, failed, failures) def take_action(self, parsed_args): diff --git a/tools/install_venv_common.py b/tools/install_venv_common.py index e279159..51a912d 100644 --- a/tools/install_venv_common.py +++ b/tools/install_venv_common.py @@ -26,7 +26,7 @@ from __future__ import print_function import optparse import os -import subprocess +import subprocess # nosec import sys 
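Review bot: In the new `except IOError as e:` handler in gbpclient/gbp/v2_0/purge.py, an IOError whose errno is not EPIPE is still silently dropped. Nothing follows the `if e.errno == errno.EPIPE:` / `continue` pair, so control leaves the handler and, if the handler is the last statement of the loop body as the layout suggests, the loop carries on as it did before the change. To ignore only the broken pipe, re-raise everything else, e.g. `if e.errno != errno.EPIPE:` followed by `raise`. The `try` starts outside the hunk, so confirm that narrowing from `Exception` does not let an error from the delete calls abort the purge part-way and lose the `failed`/`failures` results.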
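Review bot: The bare `# nosec` on `import subprocess` silences every bandit check on that line, not only the one being waived, and the same applies to the `subprocess.Popen(...)` line in the later hunk of tools/install_venv_common.py. Scope each suppression to the test it answers and state the reason, e.g. `import subprocess  # nosec B404` and `... stdout=stdout)  # nosec B603 - cmd is an argument list, no shell`. The test IDs are my reading of what bandit reports for these two lines, so confirm them against the actual bandit output. Where `cmd` comes from is outside the hunk, so check the justification against the callers of this method.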
@@ -61,7 +61,7 @@ class InstallVenv(object): else: stdout = None - proc = subprocess.Popen(cmd, cwd=self.root, stdout=stdout) + proc = subprocess.Popen(cmd, cwd=self.root, stdout=stdout) # nosec output = proc.communicate()[0] if check_exit_code and proc.returncode != 0: self.die('Command "%s" failed.\n%s', ' '.join(cmd), output)