Address static analysis issues

This patch is meant to address false-positive issues found
by running the bandit static analysis tool. Most of the issues
flagged were false positives, so the 'nosec' keyword has been
added to the instances in order to allow bandit checks to pass.
The one true positive was an except-always condition, which has
been reduced to only continue for IOError cases.

Change-Id: Ib9c51377544ca2dc7789a8eaabf9c432c579e00e
(cherry picked from commit ee7a2409fb)

gbpclient/gbp/v2_0/purge.py

@@ -11,6 +11,7 @@
 #    under the License.
 #
 
+import errno
 import re
 import sys
 
@@ -73,12 +74,14 @@ class Purge(n_purge.Purge):
                     sys.stdout.write("\rPurging resources: %d%% complete." %
                                      percent_complete)
                     sys.stdout.flush()
-                except Exception:
+                except IOError as e:
                     # A broken pipe IOError exception might get thrown if
                     # invoked from our MD's keystone tenant delete handler
                     # code. We should just ignore that then continue to
                     # purge the rest of the resources.
-                    continue
+                    if e.errno == errno.EPIPE:
+                        continue
+
         return (deleted, failed, failures)
 
     def take_action(self, parsed_args):

tools/install_venv_common.py

@@ -26,7 +26,7 @@ from __future__ import print_function
 
 import optparse
 import os
-import subprocess
+import subprocess  # nosec
 import sys
 
 
@@ -61,7 +61,7 @@ class InstallVenv(object):
         else:
             stdout = None
 
-        proc = subprocess.Popen(cmd, cwd=self.root, stdout=stdout)
+        proc = subprocess.Popen(cmd, cwd=self.root, stdout=stdout)  # nosec
         output = proc.communicate()[0]
         if check_exit_code and proc.returncode != 0:
             self.die('Command "%s" failed.\n%s', ' '.join(cmd), output)