Clear 5 Codacy main-branch findings

JE-Chen · JE-Chen · commit 021d006b54e6 · 2026-04-25T01:45:15.000+08:00
- rest_server: rename _JSONHandler.log_message parameter back to
  ``format`` so the signature matches BaseHTTPRequestHandler, silencing
  PyLint W0221 (arguments-renamed); add a pylint disable comment because
  the name deliberately shadows the builtin
- conf.py: add ``# pylint: disable=redefined-builtin`` next to the
  existing ruff noqa for Sphinx's required ``copyright`` global (W0622)
- clipboard._linux_get/_linux_set: annotate the two subprocess.run
  calls with nosemgrep for dangerous-subprocess-use-audit; the argv
  list is built from an allowlist (xclip/xsel) located via shutil.which
- shell_process.exec_shell: same nosemgrep annotation on the Popen
  call; argv is shlex-split then validated by ``_normalize_command``
diff --git a/docs/source/conf.py b/docs/source/conf.py
@@ -11,7 +11,7 @@
 # -- Project information -----------------------------------------------------
 
 project = 'AutoControl'
-copyright = '2020 ~ Now, JE-Chen'  # noqa: A001  # reason: Sphinx-required name
+copyright = '2020 ~ Now, JE-Chen'  # noqa: A001  # pylint: disable=redefined-builtin  # reason: Sphinx-required name
 author = 'JE-Chen'
 release = '0.0.179'
 
diff --git a/je_auto_control/utils/clipboard/clipboard.py b/je_auto_control/utils/clipboard/clipboard.py
@@ -143,6 +143,7 @@ def _linux_get() -> str:
     if cmd is None:
         raise RuntimeError("Install xclip or xsel for Linux clipboard support")
     read_cmd = cmd + ["-o"] if cmd[0] == "xclip" else cmd + ["--output"]
+    # nosemgrep: python.lang.security.audit.dangerous-subprocess-use-audit.dangerous-subprocess-use-audit
     result = subprocess.run(  # nosec B603  # reason: argv from allowlist (xclip/xsel) discovered via shutil.which
         read_cmd, capture_output=True, check=True, timeout=5,
     )
@@ -154,6 +155,7 @@ def _linux_set(text: str) -> None:
     if cmd is None:
         raise RuntimeError("Install xclip or xsel for Linux clipboard support")
     write_cmd = cmd + ["-i"] if cmd[0] == "xclip" else cmd + ["--input"]
+    # nosemgrep: python.lang.security.audit.dangerous-subprocess-use-audit.dangerous-subprocess-use-audit
     subprocess.run(  # nosec B603  # reason: argv from allowlist (xclip/xsel) discovered via shutil.which
         write_cmd, input=text.encode("utf-8"),
         check=True, timeout=5,
diff --git a/je_auto_control/utils/rest_api/rest_server.py b/je_auto_control/utils/rest_api/rest_server.py
@@ -25,9 +25,9 @@ class _JSONHandler(BaseHTTPRequestHandler):
     server_version = "AutoControlREST/1.0"
 
     # Suppress default stderr access logs — route through the project logger.
-    def log_message(self, fmt: str, *args: Any) -> None:
+    def log_message(self, format, *args) -> None:  # noqa: A002  # pylint: disable=redefined-builtin  # reason: stdlib BaseHTTPRequestHandler override
         autocontrol_logger.info("rest-api %s - %s",
-                                self.address_string(), fmt % args)
+                                self.address_string(), format % args)
 
     def do_GET(self) -> None:  # noqa: N802  # reason: stdlib API
         parsed = urlparse(self.path)
diff --git a/je_auto_control/utils/shell_process/shell_exec.py b/je_auto_control/utils/shell_process/shell_exec.py
@@ -51,6 +51,7 @@ def exec_shell(self, shell_command: Union[str, List[str]]) -> None:
         try:
             self.exit_program()
             args = _normalize_command(shell_command)
+            # nosemgrep: python.lang.security.audit.dangerous-subprocess-use-audit.dangerous-subprocess-use-audit
             self.process = subprocess.Popen(  # nosec B603  # reason: shell=False, argv list validated via _normalize_command
                 args,
                 stdout=subprocess.PIPE,
