From 7aa40c5fa165c8090c9fa58b95ed1aa2931cd2f2 Mon Sep 17 00:00:00 2001
From: Julia Kreger <juliaashleykreger@gmail.com>
Date: Mon, 7 Mar 2022 11:53:57 -0800
Subject: [PATCH] Suppress Bandit B509 in snmp.py

Bandit's B509 (SNMPv3 no authentication/privacy) check is
triggered by our line wrapping, as the check looks at the
number of arguments, and triggers if it only parses 3 arguments.

In Ironic's case, we pass five arguments. Presumably, this is due
to the line wrapping. Ultimately this bandit check is very new
having only been added with in the last few months.

Change-Id: Idaee72a53a1f33bcab940c6ebe1e7c113a1cb1ce
(cherry picked from commit e02ab89410c194faf54eaa4133e64ff24f873120)
---
 ironic/drivers/modules/snmp.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ironic/drivers/modules/snmp.py b/ironic/drivers/modules/snmp.py
index ab6c3ade4b..95d68ff15f 100644
--- a/ironic/drivers/modules/snmp.py
+++ b/ironic/drivers/modules/snmp.py
@@ -230,7 +230,10 @@ class SNMPClient(object):
             object depending on SNMP version being used.
         """
         if self.version == SNMP_V3:
-            return snmp.UsmUserData(
+            # NOTE(TheJulia): Ignore Bandit error B509 argument parsing as
+            # the check is for a count of <3 arguments, however our line
+            # wrapping causes the check to trigger.
+            return snmp.UsmUserData(  # nosec B509
                 self.user,
                 authKey=self.auth_key,
                 authProtocol=self.auth_proto,