fix(wifi): suppress false-positive Bandit B603/B607 on new nmcli calls

Both subprocess.run calls in the SSID connection lookup use fixed arguments (no user input) or values derived from nmcli's own output — not from user-controlled data. Add nosec B603 B607 annotations to silence the Codacy/Bandit warnings, consistent with existing nosec usage in the file. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-25 21:43:32 +00:00 · 2026-05-24 14:58:36 -04:00
parent 6313b9c25f
commit f279980b44
1 changed files with 2 additions and 2 deletions
--- a/src/wifi_manager.py
+++ b/src/wifi_manager.py
@@ -1474,7 +1474,7 @@ class WiFiManager:
            # Find existing NM connection for this SSID.
            # 802-11-wireless.ssid is not a valid column in 'nmcli connection show',
            # so list all wifi connections then query each one's SSID individually.
-            list_result = subprocess.run(
+            list_result = subprocess.run(  # nosec B603 B607 - fixed args, no user input
                ["nmcli", "-t", "-f", "NAME,TYPE", "connection", "show"],
                capture_output=True, text=True, timeout=5
            )
@@ -1487,7 +1487,7 @@ class WiFiManager:
                    if len(parts) < 2 or parts[1].strip() != '802-11-wireless':
                        continue
                    conn_name = parts[0].strip()
-                    ssid_r = subprocess.run(
+                    ssid_r = subprocess.run(  # nosec B603 B607 - conn_name from nmcli output, not user input
                        ["nmcli", "-g", "802-11-wireless.ssid", "connection", "show", conn_name],
                        capture_output=True, text=True, timeout=5
                    )