Enable some more bandit checks (#30857)

* Enable B108 (hardcoded tmp dir), address findings * Enable B602 (subprocess popen with shell), address findings * Enable B604 (start process with shell), address findings * Enable B306 (mktemp), B307 (eval), and B325 (tempnam), no issues to address
2020-01-20 18:44:55 +02:00 · 2020-01-20 18:44:55 +02:00 · 5e2ba2eb77
commit 5e2ba2eb77
parent 6cf20fc7fa
21 changed files with 110 additions and 91 deletions
--- a/homeassistant/components/command_line/notify.py
+++ b/homeassistant/components/command_line/notify.py
@ -33,7 +33,10 @@ class CommandLineNotificationService(BaseNotificationService):
        """Send a message to a command line."""
        try:
            proc = subprocess.Popen(
-                self.command, universal_newlines=True, stdin=subprocess.PIPE, shell=True
+                self.command,
+                universal_newlines=True,
+                stdin=subprocess.PIPE,
+                shell=True,  # nosec # shell by design
            )
            proc.communicate(input=message)
            if proc.returncode != 0: