disable some bandit warnings (#12054)

sdk/core/azure-core/azure/core/pipeline/policies/_universal.py

@@ -501,7 +501,7 @@ def deserialize_from_text(
                         data_as_str = cast(str, data_as_str.encode(encoding="utf-8"))
                 except NameError:
                     pass
-                return ET.fromstring(data_as_str)
+                return ET.fromstring(data_as_str)   # nosec
             except ET.ParseError:
                 # It might be because the server has an issue, and returned JSON with
                 # content-type XML....

sdk/core/azure-core/azure/core/polling/_poller.py

@@ -133,7 +133,7 @@ def from_continuation_token(cls, continuation_token, **kwargs):
         except KeyError:
             raise ValueError("Need kwarg 'deserialization_callback' to be recreated from continuation_token")
         import pickle
-        initial_response = pickle.loads(base64.b64decode(continuation_token))
+        initial_response = pickle.loads(base64.b64decode(continuation_token))   # nosec
         return None, initial_response, deserialization_callback
 
 

sdk/core/azure-core/azure/core/polling/base_polling.py

@@ -467,7 +467,7 @@ def from_continuation_token(cls, continuation_token, **kwargs):
             raise ValueError("Need kwarg 'deserialization_callback' to be recreated from continuation_token")
 
         import pickle
-        initial_response = pickle.loads(base64.b64decode(continuation_token))
+        initial_response = pickle.loads(base64.b64decode(continuation_token))   # nosec
         # Restore the transport in the context
         initial_response.context.transport = client._pipeline._transport  # pylint: disable=protected-access
         return client, initial_response, deserialization_callback

sdk/core/azure-core/tests/test_universal_pipeline.py

@@ -81,7 +81,7 @@ def test_pipeline_context():
 
     serialized = pickle.dumps(context)
 
-    revived_context = pickle.loads(serialized)
+    revived_context = pickle.loads(serialized)  # nosec
     assert revived_context.options == kwargs
     assert revived_context.transport is None
     assert 'deserialized_data' in revived_context

sdk/cosmos/azure-cosmos/azure/cosmos/_execution_context/endpoint_component.py

@@ -126,7 +126,7 @@ def next(self):
         if six.PY3:
             json_repr = json_repr.encode("utf-8")
 
-        hash_object = hashlib.sha1(json_repr)
+        hash_object = hashlib.sha1(json_repr)   # nosec
         hashed_result = hash_object.hexdigest()
 
         while hashed_result in self.last_result:
@@ -135,7 +135,7 @@ def next(self):
             if six.PY3:
                 json_repr = json_repr.encode("utf-8")
 
-            hash_object = hashlib.sha1(json_repr)
+            hash_object = hashlib.sha1(json_repr)   # nosec
             hashed_result = hash_object.hexdigest()
         self.last_result.add(hashed_result)
         return res

sdk/cosmos/azure-cosmos/test/test_crud.py

@@ -207,7 +207,7 @@ def test_sql_query_crud(self):
         self.assertEqual(0, len(databases), 'Unexpected number of query results.')
 
         # query with a string.
-        databases = list(self.client.query_databases('SELECT * FROM root r WHERE r.id="' + db2.id + '"'))   #nosec
+        databases = list(self.client.query_databases('SELECT * FROM root r WHERE r.id="' + db2.id + '"'))   # nosec
         self.assertEqual(1, len(databases), 'Unexpected number of query results.')
         self.client.delete_database(db1.id)
         self.client.delete_database(db2.id)
@@ -507,30 +507,30 @@ def test_partitioned_collection_document_crud_and_query(self):
         # query document on the partition key specified in the predicate will pass even without setting enableCrossPartitionQuery or passing in the partitionKey value
         documentlist = list(created_collection.query_items(
             {
-                'query': 'SELECT * FROM root r WHERE r.id=\'' + replaced_document.get('id') + '\''  #nosec
+                'query': 'SELECT * FROM root r WHERE r.id=\'' + replaced_document.get('id') + '\''  # nosec
             }))
         self.assertEqual(1, len(documentlist))
 
         # query document on any property other than partitionKey will fail without setting enableCrossPartitionQuery or passing in the partitionKey value
         try:
             list(created_collection.query_items(
                 {
-                    'query': 'SELECT * FROM root r WHERE r.key=\'' + replaced_document.get('key') + '\''    #nosec
+                    'query': 'SELECT * FROM root r WHERE r.key=\'' + replaced_document.get('key') + '\''    # nosec
                 }))
         except Exception:
             pass
 
         # cross partition query
         documentlist = list(created_collection.query_items(
-            query='SELECT * FROM root r WHERE r.key=\'' + replaced_document.get('key') + '\'',  #nosec
+            query='SELECT * FROM root r WHERE r.key=\'' + replaced_document.get('key') + '\'',  # nosec
             enable_cross_partition_query=True
         ))
 
         self.assertEqual(1, len(documentlist))
 
         # query document by providing the partitionKey value
         documentlist = list(created_collection.query_items(
-            query='SELECT * FROM root r WHERE r.key=\'' + replaced_document.get('key') + '\'',  #nosec
+            query='SELECT * FROM root r WHERE r.key=\'' + replaced_document.get('key') + '\'',  # nosec
             partition_key=replaced_document.get('id')
         ))
 
@@ -746,14 +746,14 @@ def test_partitioned_collection_conflict_crud_and_query(self):
         # query conflicts on any property other than partitionKey will fail without setting enableCrossPartitionQuery or passing in the partitionKey value
         try:
             list(created_collection.query_conflicts(
-                    query='SELECT * FROM root r WHERE r.resourceType=\'' + conflict_definition.get( #nosec
+                    query='SELECT * FROM root r WHERE r.resourceType=\'' + conflict_definition.get( # nosec
                         'resourceType') + '\''
                 ))
         except Exception:
             pass
 
         conflictlist = list(created_collection.query_conflicts(
-                query='SELECT * FROM root r WHERE r.resourceType=\'' + conflict_definition.get('resourceType') + '\'',  #nosec
+                query='SELECT * FROM root r WHERE r.resourceType=\'' + conflict_definition.get('resourceType') + '\'',  # nosec
                 enable_cross_partition_query=True
         ))
 
@@ -762,7 +762,7 @@ def test_partitioned_collection_conflict_crud_and_query(self):
         # query conflicts by providing the partitionKey value
         options = {'partitionKey': conflict_definition.get('id')}
         conflictlist = list(created_collection.query_conflicts(
-            query='SELECT * FROM root r WHERE r.resourceType=\'' + conflict_definition.get('resourceType') + '\'',  #nosec
+            query='SELECT * FROM root r WHERE r.resourceType=\'' + conflict_definition.get('resourceType') + '\'',  # nosec
             partition_key=conflict_definition['id']
         ))
 

sdk/cosmos/azure-cosmos/test/test_globaldb.py

@@ -89,15 +89,15 @@ def setUp(self):
         self.client = cosmos_client_connection.CosmosClientConnection(Test_globaldb_tests.host, Test_globaldb_tests.masterKey)
 
         # Create the test database only when it's not already present
-        query_iterable = self.client.QueryDatabases('SELECT * FROM root r WHERE r.id=\'' + Test_globaldb_tests.test_database_id + '\'') #nosec
+        query_iterable = self.client.QueryDatabases('SELECT * FROM root r WHERE r.id=\'' + Test_globaldb_tests.test_database_id + '\'') # nosec
         it = iter(query_iterable)
 
         self.test_db = next(it, None)
         if self.test_db is None:
             self.test_db = self.client.CreateDatabase({'id' : Test_globaldb_tests.test_database_id})
 
         # Create the test collection only when it's not already present
-        query_iterable = self.client.QueryContainers(self.test_db['_self'], 'SELECT * FROM root r WHERE r.id=\'' + Test_globaldb_tests.test_collection_id + '\'')   #nosec
+        query_iterable = self.client.QueryContainers(self.test_db['_self'], 'SELECT * FROM root r WHERE r.id=\'' + Test_globaldb_tests.test_collection_id + '\'')   # nosec
         it = iter(query_iterable)
 
         self.test_coll = next(it, None)

sdk/cosmos/azure-cosmos/test/test_multi_orderby.py

@@ -252,7 +252,7 @@ def test_multi_orderby_queries(self):
                         where_string = "WHERE root." + self.NUMBER_FIELD + " % 2 = 0" if has_filter else ""
                         query = "SELECT " + top_string + " [" + select_item_builder + "] " + \
                                 "FROM root " + where_string + " " + \
-                                "ORDER BY " + orderby_item_builder  #nosec
+                                "ORDER BY " + orderby_item_builder  # nosec
 
                         expected_ordered_list = self.top(self.sort(self.filter(self.items, has_filter), composite_index, invert), has_top, top_count)
 

sdk/cosmos/azure-cosmos/test/test_orderby.py

@@ -168,7 +168,7 @@ def test_orderby_top_query(self):
 
         # an order by query with top, total existing docs more than requested top count   
         query = {
-                 'query': 'SELECT top %d * FROM root r order by r.spam' % top_count #nosec
+                 'query': 'SELECT top %d * FROM root r order by r.spam' % top_count # nosec
         }    
 
         def get_order_by_key(r):
@@ -186,7 +186,7 @@ def test_orderby_top_query_less_results_than_top_counts(self):
 
         # an order by query with top, total existing docs less than requested top count   
         query = {
-                 'query': 'SELECT top %d * FROM root r order by r.spam' % top_count #nosec
+                 'query': 'SELECT top %d * FROM root r order by r.spam' % top_count # nosec
         }  
 
         def get_order_by_key(r):
@@ -226,7 +226,7 @@ def test_top_query(self):
 
         # a top query, the results will be sorted based on the target partition key range  
         query = {
-                 'query': 'SELECT top %d * FROM root r' % len(expected_ordered_ids) #nosec
+                 'query': 'SELECT top %d * FROM root r' % len(expected_ordered_ids) # nosec
         }
         self.execute_query_and_validate_results(query, expected_ordered_ids)
 
@@ -260,7 +260,7 @@ def test_top_query_as_string(self):
         expected_ordered_ids = [d['id'] for d in first_two_ranges_results]
 
         # a top query, the results will be sorted based on the target partition key range  
-        query = 'SELECT top %d * FROM root r' % len(expected_ordered_ids)   #nosec
+        query = 'SELECT top %d * FROM root r' % len(expected_ordered_ids)   # nosec
         self.execute_query_and_validate_results(query, expected_ordered_ids)
 
     def test_parametrized_top_query(self):

sdk/cosmos/azure-cosmos/test/test_query.py

@@ -349,55 +349,55 @@ def test_distinct(self):
         padded_docs = self._pad_with_none(documents, distinct_field)
 
         self._validate_distinct(created_collection=created_collection,
-                                query='SELECT distinct c.%s from c ORDER BY c.%s' % (distinct_field, distinct_field),   #nosec
+                                query='SELECT distinct c.%s from c ORDER BY c.%s' % (distinct_field, distinct_field),   # nosec
                                 results=self._get_distinct_docs(self._get_order_by_docs(padded_docs, distinct_field, None), distinct_field, None, True),
                                 is_select=False,
                                 fields=[distinct_field])
 
         self._validate_distinct(created_collection=created_collection,
-                                query='SELECT distinct c.%s, c.%s from c ORDER BY c.%s, c.%s' % (distinct_field, pk_field, pk_field, distinct_field),   #nosec
+                                query='SELECT distinct c.%s, c.%s from c ORDER BY c.%s, c.%s' % (distinct_field, pk_field, pk_field, distinct_field),   # nosec
                                 results=self._get_distinct_docs(self._get_order_by_docs(padded_docs, pk_field, distinct_field), distinct_field, pk_field, True),
                                 is_select=False,
                                 fields=[distinct_field, pk_field])
 
         self._validate_distinct(created_collection=created_collection,
-                                query='SELECT distinct c.%s, c.%s from c ORDER BY c.%s, c.%s' % (distinct_field, pk_field, distinct_field, pk_field),   #nosec
+                                query='SELECT distinct c.%s, c.%s from c ORDER BY c.%s, c.%s' % (distinct_field, pk_field, distinct_field, pk_field),   # nosec
                                 results=self._get_distinct_docs(self._get_order_by_docs(padded_docs, distinct_field, pk_field), distinct_field, pk_field, True),
                                 is_select=False,
                                 fields=[distinct_field, pk_field])
 
         self._validate_distinct(created_collection=created_collection,
-                                query='SELECT distinct value c.%s from c ORDER BY c.%s' % (distinct_field, distinct_field), #nosec
+                                query='SELECT distinct value c.%s from c ORDER BY c.%s' % (distinct_field, distinct_field), # nosec
                                 results=self._get_distinct_docs(self._get_order_by_docs(padded_docs, distinct_field, None), distinct_field, None, True),
                                 is_select=False,
                                 fields=[distinct_field])
 
         self._validate_distinct(created_collection=created_collection,
-                                query='SELECT distinct c.%s from c' % (distinct_field), #nosec
+                                query='SELECT distinct c.%s from c' % (distinct_field), # nosec
                                 results=self._get_distinct_docs(padded_docs, distinct_field, None, False),
                                 is_select=True,
                                 fields=[distinct_field])
 
         self._validate_distinct(created_collection=created_collection,
-                                query='SELECT distinct c.%s, c.%s from c' % (distinct_field, pk_field), #nosec
+                                query='SELECT distinct c.%s, c.%s from c' % (distinct_field, pk_field), # nosec
                                 results=self._get_distinct_docs(padded_docs, distinct_field, pk_field, False),
                                 is_select=True,
                                 fields=[distinct_field, pk_field])
 
         self._validate_distinct(created_collection=created_collection,
-                                query='SELECT distinct value c.%s from c' % (distinct_field),   #nosec
+                                query='SELECT distinct value c.%s from c' % (distinct_field),   # nosec
                                 results=self._get_distinct_docs(padded_docs, distinct_field, None, True),
                                 is_select=True,
                                 fields=[distinct_field])
 
         self._validate_distinct(created_collection=created_collection,
-                                query='SELECT distinct c.%s from c ORDER BY c.%s' % (different_field, different_field), #nosec
+                                query='SELECT distinct c.%s from c ORDER BY c.%s' % (different_field, different_field), # nosec
                                 results=[],
                                 is_select=True,
                                 fields=[different_field])
 
         self._validate_distinct(created_collection=created_collection,
-                                query='SELECT distinct c.%s from c' % (different_field),    #nosec
+                                query='SELECT distinct c.%s from c' % (different_field),    # nosec
                                 results=['None'],
                                 is_select=True,
                                 fields=[different_field])

sdk/datalake/azure-mgmt-datalake-analytics/tests/test_mgmt_datalake_analytics.py

@@ -154,7 +154,7 @@ def setUp(self):
     )
   AS
   T(a, b);
-END;""".format(self.db_name, self.table_name, self.tvf_name, self.view_name, self.proc_name)    #nosec
+END;""".format(self.db_name, self.table_name, self.tvf_name, self.view_name, self.proc_name)    # nosec
 
         # define all the job IDs to be used during execution
         if self.is_playback():

sdk/eventhub/azure-eventhub-checkpointstoreblob-aio/azure/eventhub/extensions/checkpointstoreblobaio/_vendor/storage/blob/_shared/policies.py

@@ -350,7 +350,7 @@ def __init__(self, **kwargs):  # pylint: disable=unused-argument
 
     @staticmethod
     def get_content_md5(data):
-        md5 = hashlib.md5() #nosec
+        md5 = hashlib.md5() # nosec
         if isinstance(data, bytes):
             md5.update(data)
         elif hasattr(data, 'read'):

sdk/eventhub/azure-eventhub-checkpointstoreblob/azure/eventhub/extensions/checkpointstoreblob/_vendor/storage/blob/_shared/policies.py

@@ -350,7 +350,7 @@ def __init__(self, **kwargs):  # pylint: disable=unused-argument
 
     @staticmethod
     def get_content_md5(data):
-        md5 = hashlib.md5() #nosec
+        md5 = hashlib.md5() # nosec
         if isinstance(data, bytes):
             md5.update(data)
         elif hasattr(data, 'read'):

sdk/identity/azure-identity/tests/test_browser_credential.py

@@ -284,8 +284,8 @@ def test_redirect_server():
     thread.start()
 
     # send a request, verify the server exposes the query
-    url = "http://127.0.0.1:{}/?{}={}".format(port, expected_param, expected_value) #nosec
-    response = urllib.request.urlopen(url)  #nosec
+    url = "http://127.0.0.1:{}/?{}={}".format(port, expected_param, expected_value) # nosec
+    response = urllib.request.urlopen(url)  # nosec
 
     assert response.code == 200
     assert server.query_params[expected_param] == [expected_value]

sdk/storage/azure-storage-blob/azure/storage/blob/_shared/policies.py

@@ -322,7 +322,7 @@ def __init__(self, **kwargs):  # pylint: disable=unused-argument
 
     @staticmethod
     def get_content_md5(data):
-        md5 = hashlib.md5() #nosec
+        md5 = hashlib.md5() # nosec
         if isinstance(data, bytes):
             md5.update(data)
         elif hasattr(data, 'read'):

sdk/storage/azure-storage-blob/samples/blob_samples_client_side_encryption.py

@@ -87,8 +87,8 @@ def wrap_key(self, key, algorithm='RSA'):
         if algorithm == 'RSA':
             return self.public_key.encrypt(key,
                                            OAEP(
-                                               mgf=MGF1(algorithm=SHA1()),  #nosec
-                                               algorithm=SHA1(),    #nosec
+                                               mgf=MGF1(algorithm=SHA1()),  # nosec
+                                               algorithm=SHA1(),    # nosec
                                                label=None)
                                            )
         raise ValueError('Unknown key wrap algorithm.')
@@ -97,8 +97,8 @@ def unwrap_key(self, key, algorithm):
         if algorithm == 'RSA':
             return self.private_key.decrypt(key,
                                             OAEP(
-                                                mgf=MGF1(algorithm=SHA1()), #nosec
-                                                algorithm=SHA1(),   #nosec
+                                                mgf=MGF1(algorithm=SHA1()), # nosec
+                                                algorithm=SHA1(),   # nosec
                                                 label=None)
                                             )
         raise ValueError('Unknown key wrap algorithm.')

sdk/storage/azure-storage-blob/tests/encryption_test_helper.py

@@ -65,8 +65,8 @@ def wrap_key(self, key, algorithm='RSA'):
         if algorithm == 'RSA':
             return self.public_key.encrypt(key,
                                            OAEP(
-                                               mgf=MGF1(algorithm=SHA1()),  #nosec
-                                               algorithm=SHA1(),    #nosec
+                                               mgf=MGF1(algorithm=SHA1()),  # nosec
+                                               algorithm=SHA1(),    # nosec
                                                label=None)
                                            )
 
@@ -76,8 +76,8 @@ def unwrap_key(self, key, algorithm):
         if algorithm == 'RSA':
             return self.private_key.decrypt(key,
                                             OAEP(
-                                                mgf=MGF1(algorithm=SHA1()), #nosec
-                                                algorithm=SHA1(),   #nosec
+                                                mgf=MGF1(algorithm=SHA1()), # nosec
+                                                algorithm=SHA1(),   # nosec
                                                 label=None)
                                             )
 

sdk/storage/azure-storage-file-datalake/azure/storage/filedatalake/_shared/policies.py

@@ -322,7 +322,7 @@ def __init__(self, **kwargs):  # pylint: disable=unused-argument
 
     @staticmethod
     def get_content_md5(data):
-        md5 = hashlib.md5() #nosec
+        md5 = hashlib.md5() # nosec
         if isinstance(data, bytes):
             md5.update(data)
         elif hasattr(data, 'read'):