e576c5cee0
Declare the tests to skip, rather than the tests to run. This ensures that we pick up new bandit checks automatically. I recently noticed a use of md5() without the usedforsecurity=False kwarg. Confused about why this wasn't caught in the gate, I eventually traced it back to B303 (which we explicitly enabled) being largely superseded by B324 (which did not exist when we wrote down the tests to enable). Flag a bunch of false-positives with "# nosec" comments, resolve two other errors, and skip some more-pervasive errors, to be resolved later. Change-Id: Ia054e4f7c9e5bf29064a66933e27830adbc107d3
8.1 KiB
8.1 KiB