calm bandit warnings

Author: mr-c

cwltool/docker.py

@@ -5,7 +5,7 @@
 import os
 import re
 import shutil
-import subprocess
+import subprocess  # nosec
 import sys
 import tempfile
 import threading
@@ -46,7 +46,7 @@ def _get_docker_machine_mounts() -> List[str]:
             else:
                 __docker_machine_mounts = [
                     "/" + line.split(None, 1)[0]
-                    for line in subprocess.check_output(
+                    for line in subprocess.check_output(  # nosec
                         [
                             "docker-machine",
                             "ssh",
@@ -129,7 +129,7 @@ def get_image(
                 return True
 
         for line in (
-            subprocess.check_output(["docker", "images", "--no-trunc", "--all"])
+            subprocess.check_output(["docker", "images", "--no-trunc", "--all"])  # nosec
             .decode("utf-8")
             .splitlines()
         ):
@@ -164,7 +164,7 @@ def get_image(
             if "dockerPull" in docker_requirement:
                 cmd = ["docker", "pull", str(docker_requirement["dockerPull"])]
                 _logger.info(str(cmd))
-                subprocess.check_call(cmd, stdout=sys.stderr)
+                subprocess.check_call(cmd, stdout=sys.stderr)  # nosec
                 found = True
             elif "dockerFile" in docker_requirement:
                 dockerfile_dir = str(tempfile.mkdtemp(prefix=tmp_outdir_prefix))
@@ -177,7 +177,7 @@ def get_image(
                     dockerfile_dir,
                 ]
                 _logger.info(str(cmd))
-                subprocess.check_call(cmd, stdout=sys.stderr)
+                subprocess.check_call(cmd, stdout=sys.stderr)  # nosec
                 found = True
             elif "dockerLoad" in docker_requirement:
                 cmd = ["docker", "load"]
@@ -188,9 +188,9 @@ def get_image(
                         docker_requirement["dockerLoad"],
                     )
                     with open(docker_requirement["dockerLoad"], "rb") as dload:
-                        loadproc = subprocess.Popen(cmd, stdin=dload, stdout=sys.stderr)
+                        loadproc = subprocess.Popen(cmd, stdin=dload, stdout=sys.stderr)  # nosec
                 else:
-                    loadproc = subprocess.Popen(
+                    loadproc = subprocess.Popen(  # nosec
                         cmd, stdin=subprocess.PIPE, stdout=sys.stderr
                     )
                     assert loadproc.stdin is not None  # nosec
@@ -218,7 +218,7 @@ def get_image(
                     str(docker_requirement["dockerImageId"]),
                 ]
                 _logger.info(str(cmd))
-                subprocess.check_call(cmd, stdout=sys.stderr)
+                subprocess.check_call(cmd, stdout=sys.stderr)  # nosec
                 found = True
 
         if found:

cwltool/docker_id.py

@@ -1,6 +1,6 @@
 """Helper functions for docker."""
 
-import subprocess
+import subprocess  # nosec
 from typing import List, Optional, Tuple
 
 
@@ -30,7 +30,7 @@ def check_output_and_strip(cmd):  # type: (List[str]) -> Optional[str]
     :return: Stripped string output of the command, or None if error
     """
     try:
-        result = subprocess.check_output(
+        result = subprocess.check_output(  # nosec
             cmd, stderr=subprocess.STDOUT, universal_newlines=True
         )
         return result.strip()

cwltool/workflow.py

@@ -818,7 +818,7 @@ def __init__(
         loadingContext.requirements = copy.deepcopy(
             getdefault(loadingContext.requirements, [])
         )
-        assert loadingContext.requirements is not None
+        assert loadingContext.requirements is not None  # nosec
         loadingContext.requirements.extend(toolpath_object.get("requirements", []))
         loadingContext.requirements.extend(
             get_overrides(getdefault(loadingContext.overrides_list, []), self.id).get(