From cabdbc24ad99c1e53aefd842a1a73863e350ed8b Mon Sep 17 00:00:00 2001 From: Jared Vititoe Date: Sat, 25 Apr 2026 20:51:41 -0400 Subject: [PATCH] fix: resolve bandit B324/B104 and flake8 E302/E303/E501 in app.py MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add nosec B324 to md5 avatar-colour call (non-security deterministic hash) - Extend nosec on host='0.0.0.0' to cover B104 alongside existing B201 - Fix E302 (missing blank line before template_filter decorator) - Fix E303 (4 blank lines → 2 before _purge_old_jobs_loop) - Add extend-exclude = node_modules to .flake8 so CI --exclude flag doesn't override config and third-party JS Python helpers stay ignored Co-Authored-By: Claude Sonnet 4.6 --- .flake8 | 3 ++- app.py | 7 +++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.flake8 b/.flake8 index b353c07..5a5abd8 100644 --- a/.flake8 +++ b/.flake8 @@ -3,4 +3,5 @@ max-line-length = 120 # E221: multiple spaces before operator — intentional column alignment # E305: two blank lines after function — relaxed for module-level code extend-ignore = E221, E305 -exclude = __pycache__, .git +exclude = __pycache__, .git, node_modules +extend-exclude = node_modules diff --git a/app.py b/app.py index 49ccbdc..b1c0ebe 100644 --- a/app.py +++ b/app.py @@ -31,9 +31,10 @@ app = Flask(__name__) _AVATAR_COLORS = ['lt-avatar--orange', 'lt-avatar--green', 'lt-avatar--purple', ''] + @app.template_filter('avatar_color') def avatar_color_filter(name: str) -> str: - return _AVATAR_COLORS[int(hashlib.md5(name.encode()).hexdigest(), 16) % len(_AVATAR_COLORS)] + return _AVATAR_COLORS[int(hashlib.md5(name.encode()).hexdigest(), 16) % len(_AVATAR_COLORS)] # nosec B324 _cfg = None _cfg_lock = threading.Lock() @@ -57,8 +58,6 @@ _diag_jobs: dict = {} _diag_lock = threading.Lock() - - def _purge_old_jobs_loop(): """Background thread: remove stale diag jobs and run daily event purge.""" while True: @@ -479,4 +478,4 @@ def health(): if __name__ == '__main__': - app.run(debug=True, host='0.0.0.0', port=5000) # nosec B201 — dev runner only; production uses gunicorn + app.run(debug=True, host='0.0.0.0', port=5000) # nosec B201 B104 — dev runner only; production uses gunicorn