From f279980b445d4e2b9e15144d33bc19fa90634706 Mon Sep 17 00:00:00 2001
From: Chuck <chuck@example.com>
Date: Sun, 24 May 2026 14:58:36 -0400
Subject: [PATCH] fix(wifi): suppress false-positive Bandit B603/B607 on new
 nmcli calls
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Both subprocess.run calls in the SSID connection lookup use fixed
arguments (no user input) or values derived from nmcli's own output —
not from user-controlled data. Add nosec B603 B607 annotations to
silence the Codacy/Bandit warnings, consistent with existing nosec
usage in the file.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 src/wifi_manager.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/wifi_manager.py b/src/wifi_manager.py
index a385b7a1..4e2d514f 100644
--- a/src/wifi_manager.py
+++ b/src/wifi_manager.py
@@ -1474,7 +1474,7 @@ class WiFiManager:
             # Find existing NM connection for this SSID.
             # 802-11-wireless.ssid is not a valid column in 'nmcli connection show',
             # so list all wifi connections then query each one's SSID individually.
-            list_result = subprocess.run(
+            list_result = subprocess.run(  # nosec B603 B607 - fixed args, no user input
                 ["nmcli", "-t", "-f", "NAME,TYPE", "connection", "show"],
                 capture_output=True, text=True, timeout=5
             )
@@ -1487,7 +1487,7 @@ class WiFiManager:
                     if len(parts) < 2 or parts[1].strip() != '802-11-wireless':
                         continue
                     conn_name = parts[0].strip()
-                    ssid_r = subprocess.run(
+                    ssid_r = subprocess.run(  # nosec B603 B607 - conn_name from nmcli output, not user input
                         ["nmcli", "-g", "802-11-wireless.ssid", "connection", "show", conn_name],
                         capture_output=True, text=True, timeout=5
                     )