diff --git a/doc/changelog.d/1077.added.md b/doc/changelog.d/1077.added.md
new file mode 100644
index 0000000000..c706cd4229
--- /dev/null
+++ b/doc/changelog.d/1077.added.md
@@ -0,0 +1 @@
+feat: accept bandit advisories in-line for subprocess
\ No newline at end of file
diff --git a/src/ansys/geometry/core/connection/product_instance.py b/src/ansys/geometry/core/connection/product_instance.py
index 1158ede6c5..1f01735dee 100644
--- a/src/ansys/geometry/core/connection/product_instance.py
+++ b/src/ansys/geometry/core/connection/product_instance.py
@@ -23,7 +23,10 @@
 import os
 import signal
 import socket
-import subprocess
+ # Subprocess is needed to start the backend. But
+ # the input is controlled by the library. Excluding bandit check.
+import subprocess # nosec B404
 from ansys.tools.path import get_available_ansys_installations, get_latest_ansys_installation
 from beartype.typing import TYPE_CHECKING, Dict, List
@@ -302,7 +305,7 @@ def prepare_and_start_backend(
 LOG.debug(f"Args: {args}")
 LOG.debug(f"Environment variables: {env_copy}")
- instance = ProductInstance(_start_program(args, env_copy).pid)
+ instance = ProductInstance(__start_program(args, env_copy).pid)
 # Verify that the backend is ready to accept connections
 # before returning the Modeler instance.
@@ -403,7 +406,7 @@ def _manifest_path_provider(
 raise RuntimeError(msg)
-def _start_program(args: List[str], local_env: Dict[str, str]) -> subprocess.Popen:
+def __start_program(args: List[str], local_env: Dict[str, str]) -> subprocess.Popen:
 """
 Start the program where the path is the first item of the ``args`` array argument.
@@ -420,7 +423,8 @@ def _start_program(args: List[str], local_env: Dict[str, str]) -> subprocess.Pop
 subprocess.Popen
 The subprocess object.
 """
- return subprocess.Popen(
+ # private method and controlled input by library - excluding bandit check.
+ return subprocess.Popen( # nosec B603
 args,
 stdin=subprocess.DEVNULL,
 stdout=subprocess.DEVNULL,
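Review bot: The justification behind the two `# nosec` markers — "the input is controlled by the library" here on the import and "controlled input by library" on the `Popen` call in the `@@ -420` hunk — records a conclusion rather than the property that makes B603 acceptable, so a later change to how `args` is assembled would not alert anyone reading the suppression. B603 is the no-shell `subprocess` advisory, so the useful statement is that `args` is an argv list (no `shell=True`) whose first element is the executable path selected by this module rather than a caller-supplied string; the docstring in the `@@ -403` hunk suggests that, but the visible lines do not show where `args` is built. If that is indeed how `args` is assembled, the call-site comment could read `# nosec B603 - argv list, no shell; args[0] is the backend executable chosen by this module, not caller input`, and the import-side comment can be limited to why `subprocess` is needed, e.g. `# nosec B404 - subprocess is required to launch the backend; see __start_program for why the call is trusted`. "private method" in the call-site comment is also inaccurate, since `__start_program` is a module-level function. The `Popen` call continues past the end of the `@@ -420` hunk.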
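Review bot: The rename from `_start_program` to `__start_program` (the call here, the definition in the `@@ -403` hunk) adds nothing over the single underscore: name mangling only happens inside a class body, so at module level the double underscore gives no extra privacy and merely reads as a mangled name, which PEP 8 discourages. It also removes the old name without an alias, so any external importer of `_start_program` — tests, for instance — would break; I cannot see from the hunks whether one exists. I would keep `_start_program` at both sites, or, if the intent is to mark the helper as outside the public API, rely on the existing single underscore and the module's `__all__`. `prepare_and_start_backend` starts before this hunk.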