From 698932f4870afc1ad7b0501d2abb1640fca42562 Mon Sep 17 00:00:00 2001
From: Lee Miller
Date: Wed, 6 Mar 2024 12:44:52 +0200
Subject: [PATCH 1/2] Reduce number of globally disabled bandit checks and uncomment fail fast in the test script.
---
 .buildbot/tox-bionic/test.sh | 2 +-
 tox.ini | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.buildbot/tox-bionic/test.sh b/.buildbot/tox-bionic/test.sh
index 8b994fd4..b280953a 100755
--- a/.buildbot/tox-bionic/test.sh
+++ b/.buildbot/tox-bionic/test.sh
@@ -1,4 +1,4 @@
 #!/bin/sh
-tox -e lint-basic # || exit 1
+tox -e lint-basic || exit 1
 tox
diff --git a/tox.ini b/tox.ini
index a3cd4044..fec3a54c 100644
--- a/tox.ini
+++ b/tox.ini
@@ -21,7 +21,7 @@ deps =
 bandit
 flake8
 commands =
- bandit -r --exit-zero -s B105,B301,B411,B413,B608,B101 \
+ bandit -r -s B101,B411,B413,B608 \
 -x checkdeps.*,bitmessagecurses,bitmessageqt,tests pybitmessage
 flake8 pybitmessage --count --select=E9,F63,F7,F82 \
 --show-source --statistics
-- 
2.45.1
From 95659b6f6c23bb26c25ce96ff0195b23c0f0db31 Mon Sep 17 00:00:00 2001
From: Lee Miller
Date: Wed, 6 Mar 2024 12:56:03 +0200
Subject: [PATCH 2/2] Fix bandit comments: - suppress B301 in the single place where it appears, - fix placement of B607, B603 in proofofwork and B324 in bitmessagekivy.
---
 src/bitmessagekivy/identiconGeneration.py | 3 ++-
 src/network/knownnodes.py | 2 +-
 src/proofofwork.py | 4 ++--
 3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/bitmessagekivy/identiconGeneration.py b/src/bitmessagekivy/identiconGeneration.py
index 17e211dd..2e2f2e93 100644
--- a/src/bitmessagekivy/identiconGeneration.py
+++ b/src/bitmessagekivy/identiconGeneration.py
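Review bot: In tox.ini the new `-s B101,B411,B413,B608` still skips B608 (string-built SQL) and B413 (pycrypto import) for the whole tree, so a new occurrence of either is never reported even though the run now fails on findings. Patch 2/2 handles B301 with a `# nosec B301` at the one reviewed call; treating B608 the same way would keep the already-reviewed statements accepted while letting new ones surface. If the global skips have to stay, a short comment above `commands =` naming the reason for each skipped ID would make the exception reviewable. Separately, this patch un-skips B301 and drops `--exit-zero` before the suppression in knownnodes.py lands in 2/2, so the lint step presumably fails at this commit on its own.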
@@ -40,7 +40,8 @@ def generate_hash(string):
 try:
 # make input case insensitive
 string = str.lower(string)
- hash_object = hashlib.md5(str.encode(string)) # nosec B324, B303
+ hash_object = hashlib.md5( # nosec B324, B303
+ str.encode(string))
 print(hash_object.hexdigest())
 # returned object is a hex string
 return hash_object.hexdigest()
diff --git a/src/network/knownnodes.py b/src/network/knownnodes.py
index d3b6dd01..b74c9a15 100644
--- a/src/network/knownnodes.py
+++ b/src/network/knownnodes.py
@@ -85,7 +85,7 @@ def pickle_deserialize_old_knownnodes(source):
 the new format is {Peer:{"lastseen":i, "rating":f}}
 """
 global knownNodes
- knownNodes = pickle.load(source)
+ knownNodes = pickle.load(source) # nosec B301
 for stream in knownNodes.keys():
 for node, params in knownNodes[stream].iteritems():
 if isinstance(params, (float, int)):
diff --git a/src/proofofwork.py b/src/proofofwork.py
index 5b3e3fb6..f77f455a 100644
--- a/src/proofofwork.py
+++ b/src/proofofwork.py
@@ -276,8 +276,8 @@ def buildCPoW():
 '-f', 'Makefile.bsd']) # nosec B607, B603
 else:
 # GNU make
- call(["make", "-C", os.path.join(paths.codePath(),
- "bitmsghash")]) # nosec B607, B603
+ call([ # nosec B607, B603
+ "make", "-C", os.path.join(paths.codePath(), "bitmsghash")])
 if os.path.exists(os.path.join(paths.codePath(), "bitmsghash", "bitmsghash.so")):
 init()
 notifyBuild(True)
-- 
2.45.1
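Review bot: The relocated `# nosec B324, B303` on the `hashlib.md5(` line of generate_hash records which findings are silenced but not why, and the same holds for `# nosec B301` in knownnodes.py and `# nosec B607, B603` in proofofwork.py. A one-line rationale above each statement would make the accepted risk reviewable, for example `# MD5 only derives the identicon pattern; it is not used as a security hash` here, assuming that is its only use. Put the rationale on its own comment line rather than after the IDs, since extra words following `nosec` may be parsed as test names. The `print(hash_object.hexdigest())` in the context looks like leftover debug output, and the try block continues outside the hunk.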
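Review bot: `knownNodes = pickle.load(source)  # nosec B301` silences the only B301 finding without stating what makes `source` trustworthy; unpickling executes whatever the stream encodes, so the safety of this line rests entirely on who can write that input. If `source` is always the legacy knownnodes file in the user's own data directory, say so directly above the call, e.g. `# legacy knownnodes file from the local data dir; never network-supplied`. A stricter option is a `pickle.Unpickler` subclass whose `find_class` admits only the Peer type named in the docstring. The function body continues past the hunk and its callers are not visible here, so the origin of `source` needs confirming before the suppression is accepted.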
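Review bot: In buildCPoW the exit status of the `call([... "make", "-C", ...])` invocation is discarded and success is inferred only from `bitmsghash.so` existing, so a failed build next to a stale library would still appear to reach `init()`. Comparing the result with zero before the `os.path.exists(...)` check, e.g. `if call([...]) == 0 and os.path.exists(...)`, would close that gap. Accepting B607 also means `make` is resolved through PATH; a comment stating that the build is expected to run only in the user's own environment would document that assumption. The function starts and ends outside the hunk.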