From 77b7e3a0c97ff2f21ac7741a0d3a789efac93792 Mon Sep 17 00:00:00 2001
From: Tomas Kopecek
Date: Tue, 6 Feb 2024 11:09:16 +0100
Subject: [PATCH] Fix bandit "nosec" comments
Related: https://pagure.io/koji/issue/4004
---
 koji/__init__.py | 6 ++++--
 vm/kojivmd | 3 ++-
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/koji/__init__.py b/koji/__init__.py
index a143a4c5..98e4ef20 100644
--- a/koji/__init__.py
+++ b/koji/__init__.py
@@ -1503,13 +1503,15 @@ def parse_pom(path=None, contents=None):
 contents = fixEncoding(contents)
 try:
- xml.sax.parseString(contents, handler) # nosec - trusted data
+ # trusted data, skipping bandit test
+ xml.sax.parseString(contents, handler) # nosec
 except xml.sax.SAXParseException:
 # likely an undefined entity reference, so lets try replacing
 # any entity refs we can find and see if we get something parseable
 handler.reset()
 contents = ENTITY_RE.sub('?', contents)
- xml.sax.parseString(contents, handler) # nosec - trusted data
+ # trusted data, skipping bandit test
+ xml.sax.parseString(contents, handler) # nosec
 for field in fields:
 if field not in util.to_list(values.keys()):
diff --git a/vm/kojivmd b/vm/kojivmd
index 7ddc8b24..330034dc 100755
--- a/vm/kojivmd
+++ b/vm/kojivmd
@@ -751,7 +751,8 @@ class VMExecTask(BaseTaskHandler):
 raise koji.BuildError('unsupported file type: %s' % type)
 koji.ensuredir(os.path.dirname(localpath))
 # closing needs to be used for requests < 2.18.0
- # nosec - skipping missing timeout, it would be done on VM lifecycle level
+ # skipping missing timeout, it would be done on VM lifecycle level
+ # bypass bandit warning
 with closing(requests.get(remote_url, stream=True)) as response: # nosec
 response.raise_for_status()
 with open(localpath, 'wb') as f:
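Review bot: The bare `# nosec` now left on both `xml.sax.parseString` lines in parse_pom suppresses every bandit finding on those lines, not only the XML-parser one; with the reason moved to its own comment, scoping the marker keeps the waiver narrow, e.g. `xml.sax.parseString(contents, handler)  # nosec B317` on both calls. The reason itself still says only "trusted data": the check being waived is about entity expansion and external entities in a stdlib parser, so a comment naming where `contents` comes from (file on disk or the `contents` argument, per the signature) would let a later reader re-verify that assumption instead of inheriting it; if POM data could ever arrive from an untrusted artifact, parsing with a hardened parser rather than suppressing the finding would be the safer fix. parse_pom starts and ends outside the hunk.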
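Review bot: The `# nosec` on the `requests.get(remote_url, stream=True)` line in kojivmd is likewise unscoped, while the comment above it explains only the missing-timeout finding; `# nosec B113` would limit the suppression to that check and leave any future finding on the same line visible. The new line `# bypass bandit warning` restates what `# nosec` already means and names no check, so folding it into the preceding comment, `# skipping missing timeout (bandit B113), it would be done on VM lifecycle level`, keeps the justification next to the waiver without a redundant line. The enclosing VMExecTask method starts and ends outside the hunk, so whether the VM-lifecycle timeout actually bounds this download cannot be confirmed from here.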