Enable some more bandit checks (#30857)

* Enable B108 (hardcoded tmp dir), address findings * Enable B602 (subprocess popen with shell), address findings * Enable B604 (start process with shell), address findings * Enable B306 (mktemp), B307 (eval), and B325 (tempnam), no issues to address
2020-01-20 18:44:55 +02:00 · 2020-01-20 18:44:55 +02:00 · 5e2ba2eb77
commit 5e2ba2eb77
parent 6cf20fc7fa
21 changed files with 110 additions and 91 deletions
--- a/homeassistant/components/command_line/switch.py
+++ b/homeassistant/components/command_line/switch.py
@ -94,7 +94,7 @@ class CommandSwitch(SwitchDevice):
        """Execute the actual commands."""
        _LOGGER.info("Running command: %s", command)

-        success = subprocess.call(command, shell=True) == 0
+        success = subprocess.call(command, shell=True) == 0  # nosec # shell by design

        if not success:
            _LOGGER.error("Command failed: %s", command)
@ -107,7 +107,9 @@ class CommandSwitch(SwitchDevice):
        _LOGGER.info("Running state command: %s", command)

        try:
-            return_value = subprocess.check_output(command, shell=True)
+            return_value = subprocess.check_output(
+                command, shell=True  # nosec # shell by design
+            )
            return return_value.strip().decode("utf-8")
        except subprocess.CalledProcessError:
            _LOGGER.error("Command failed: %s", command)
@ -116,7 +118,7 @@ class CommandSwitch(SwitchDevice):
    def _query_state_code(command):
        """Execute state command for return code."""
        _LOGGER.info("Running state command: %s", command)
-        return subprocess.call(command, shell=True) == 0
+        return subprocess.call(command, shell=True) == 0  # nosec # shell by design

    @property
    def should_poll(self):