Skip to content

[SDL] Enable Bandit B404 test #3913

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jszczepa wants to merge 2 commits into
base: develop
Choose a base branch
from
Open

[SDL] Enable Bandit B404 test #3913

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
7b9ee82
[SDL] Enable Bandit B404 test
jszczepa Feb 10, 2026
5f6f71b
Remove skip B404 test from Bandit scans
jszczepa Feb 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -207,7 +207,6 @@ pythonpath = "."
exclude_dirs = ["tools", "tests", "**/venv*", "build"]
skips = [
"B101", # assert_used
"B404", # import_subprocess
"B614", # pytorch_load
"B615", # huggingface_unsafe_download
]
2 changes: 1 addition & 1 deletion src/custom_version.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@
import contextlib
import os
import re
import subprocess
import subprocess # nosec B404
Copy link

Copilot AI Feb 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same concern as above: suppressing B404 at the import level with no explanation makes it hard to audit why subprocess is safe here. Add a short rationale to the # nosec comment and consider limiting suppression to the specific safe usage instead of the module import.

Copilot uses AI. Check for mistakes.
from pathlib import Path

NNCF_VERSION_FILE = "src/nncf/version.py"
Expand Down
2 changes: 1 addition & 1 deletion src/nncf/torch/quantization/extensions.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
# limitations under the License.

import os.path
import subprocess
import subprocess # nosec B404
Copy link

Copilot AI Feb 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using # nosec B404 without any justification defeats the intent of enabling B404 for SDL review. Prefer adding a brief rationale (e.g., # nosec B404: <reason this import/use is safe>) and/or scoping the suppression as narrowly as possible to the specific safe call site(s) rather than suppressing at import.

Suggested change
import subprocess # nosec B404
import subprocess # nosec B404: imported only for CalledProcessError exception handling; no subprocess commands are executed in this module

Copilot uses AI. Check for mistakes.

import torch

Expand Down
Loading