From a10ccf6cf32dc4e2817ddbf67bc84feebb930916 Mon Sep 17 00:00:00 2001
From: Andreas Jaeger <aj@suse.com>
Date: Mon, 5 Aug 2019 16:28:44 +0200
Subject: [PATCH] Fix barbican B105 issues

Those are all false positives, add "nosec" to them and
enable the test again.

Change-Id: I88ae4f77be18146b31d5f2b935896b593f9a40c0
---
 barbican/cmd/barbican_manage.py           | 4 ++--
 barbican/common/utils.py                  | 2 +-
 barbican/plugin/dogtag.py                 | 4 ++--
 barbican/plugin/interface/secret_store.py | 2 +-
 tox.ini                                   | 2 +-
 5 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/barbican/cmd/barbican_manage.py b/barbican/cmd/barbican_manage.py
index 6ccfdf1cd..af0ad63cd 100644
--- a/barbican/cmd/barbican_manage.py
+++ b/barbican/cmd/barbican_manage.py
@@ -143,8 +143,8 @@ class DbCommands(object):
             commands.current(verbose, sql_url=CONF.sql_connection)
         else:
             commands.current(verbose, sql_url=str(dburl))
-
-    sync_secret_stores_description = "Sync secret_stores with barbican.conf"
+    sync_secret_stores_description = ("Sync secret_stores with "  # nosec
+                                      "barbican.conf")
 
     @args('--db-url', '-d', metavar='<db-url>', dest='dburl',
           help='barbican database URL')
diff --git a/barbican/common/utils.py b/barbican/common/utils.py
index a9740b561..46a3147ed 100644
--- a/barbican/common/utils.py
+++ b/barbican/common/utils.py
@@ -43,7 +43,7 @@ API_VERSION = 'v1'
 # barbican.plugin.interface.secret_store which introduces a cyclic dependency
 # if `secret_store` plugin needs to use db model classes. So moving shared
 # value to another common python module which is already imported in both.
-SECRET_TYPE_OPAQUE = "opaque"
+SECRET_TYPE_OPAQUE = "opaque"  # nosec
 
 
 def _do_allow_certain_content_types(func, content_types_list=[]):
diff --git a/barbican/plugin/dogtag.py b/barbican/plugin/dogtag.py
index 95c983952..961af2373 100644
--- a/barbican/plugin/dogtag.py
+++ b/barbican/plugin/dogtag.py
@@ -165,8 +165,8 @@ class DogtagKRAPlugin(sstore.SecretStoreBase):
     BIT_LENGTH = "bit_length"
     GENERATED = "generated"
     KEY_ID = "key_id"
-    SECRET_MODE = "secret_mode"
-    PASSPHRASE_KEY_ID = "passphrase_key_id"
+    SECRET_MODE = "secret_mode"  # nosec
+    PASSPHRASE_KEY_ID = "passphrase_key_id"  # nosec
     CONVERT_TO_PEM = "convert_to_pem"
 
     # string constants
diff --git a/barbican/plugin/interface/secret_store.py b/barbican/plugin/interface/secret_store.py
index 65f1eb077..f705756c9 100644
--- a/barbican/plugin/interface/secret_store.py
+++ b/barbican/plugin/interface/secret_store.py
@@ -278,7 +278,7 @@ class SecretType(object):
     PRIVATE = "private"
     """Constant to define the passphrase type. Used by getSecret to retrieve a
     passphrase."""
-    PASSPHRASE = "passphrase"
+    PASSPHRASE = "passphrase"  # nosec
     """Constant to define the certificate type. Used by getSecret to retrieve a
     certificate."""
     CERTIFICATE = "certificate"
diff --git a/tox.ini b/tox.ini
index b44fd8bf2..4d3060da3 100644
--- a/tox.ini
+++ b/tox.ini
@@ -149,7 +149,7 @@ exclude = .git,.idea,.tox,bin,dist,debian,rpmbuild,tools,*.egg-info,*.eggs,contr
 [testenv:bandit]
 basepython = python3
 deps = -r{toxinidir}/test-requirements.txt
-commands = bandit -r barbican -x tests -n5 -s B105
+commands = bandit -r barbican -x tests -n5
 
 [testenv:bindep]
 basepython = python3