Address static analysis issues

This patch is meant to address false-positive issues found
by running the bandit static analysis tool. All the issues
flagged were false positives, so the 'nosec' keyword has been
added to the instances in order to allow bandit checks to pass.

Change-Id: I646b12c8e5547325fa65331ff49e390934268a8d

gbpservice/neutron/services/grouppolicy/drivers/cisco/apic/aim_mapping.py

@@ -2205,7 +2205,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
 
     def _get_auto_ptg_id(self, l2p_id):
         if l2p_id:
-            return AUTO_PTG_ID_PREFIX % hashlib.md5(
+            return AUTO_PTG_ID_PREFIX % hashlib.md5(  # nosec
                 l2p_id.encode('utf-8')).hexdigest()
 
     def _is_auto_ptg(self, ptg):

gbpservice/neutron/services/grouppolicy/drivers/cisco/apic/aim_validation.py

@@ -306,8 +306,8 @@ class ValidationManager(object):
         expected_instances[key] = instance
 
     def query_db_instances(self, entities, args, filters):
-        assert 1 == len(entities)
-        assert 0 == len(args)
+        assert 1 == len(entities)  # nosec
+        assert 0 == len(args)  # nosec
         instance_class = entities[0]
         expected_instances = self._expected_db_instances[instance_class]
         primary_keys = self._db_instance_primary_keys[instance_class]
@@ -571,9 +571,9 @@ class ValidationAimStore(aim_store.AimStore):
 
     def query(self, db_obj_type, resource_class, in_=None, notin_=None,
               order_by=None, lock_update=False, **filters):
-        assert in_ is None
-        assert notin_ is None
-        assert order_by is None
+        assert in_ is None  # nosec
+        assert notin_ is None  # nosec
+        assert order_by is None  # nosec
         if filters:
             if (set(filters.keys()) ==
                 set(resource_class.identity_attributes.keys())):
@@ -590,18 +590,21 @@ class ValidationAimStore(aim_store.AimStore):
 
     def count(self, db_obj_type, resource_class, in_=None, notin_=None,
               **filters):
-        assert False
+        # REVISIT: Determine if we can remove this call.
+        assert False  # nosec
 
     def delete_all(self, db_obj_type, resource_class, in_=None, notin_=None,
                    **filters):
-        assert False
+        # REVISIT: Determine if we can remove this call.
+        assert False  # nosec
 
     def from_attr(self, db_obj, resource_class, attribute_dict):
         for k, v in list(attribute_dict.items()):
             setattr(db_obj, k, v)
 
     def to_attr(self, resource_class, db_obj):
-        assert False
+        # REVISIT: Determine if we can remove this call.
+        assert False  # nosec
 
     def make_resource(self, cls, db_obj, include_aim_id=False):
         return copy.deepcopy(db_obj)

tools/install_venv_common.py

@@ -26,7 +26,7 @@ from __future__ import print_function
 
 import optparse
 import os
-import subprocess
+import subprocess  # nosec
 import sys
 
 
@@ -61,7 +61,7 @@ class InstallVenv(object):
         else:
             stdout = None
 
-        proc = subprocess.Popen(cmd, cwd=self.root, stdout=stdout)
+        proc = subprocess.Popen(cmd, cwd=self.root, stdout=stdout)  # nosec
         output = proc.communicate()[0]
         if check_exit_code and proc.returncode != 0:
             self.die('Command "%s" failed.\n%s', ' '.join(cmd), output)