Merge pull request #176 from Integration-Automation/dev

JE-Chen · web-flow · commit 0ecbda25f557 · 2026-04-25T01:50:06.000+08:00
Clear post-merge Sonar hotspot and Codacy findings
diff --git a/docs/source/conf.py b/docs/source/conf.py
@@ -11,7 +11,7 @@
 # -- Project information -----------------------------------------------------
 
 project = 'AutoControl'
-copyright = '2020 ~ Now, JE-Chen'  # noqa: A001  # reason: Sphinx-required name
+copyright = '2020 ~ Now, JE-Chen'  # noqa: A001  # pylint: disable=redefined-builtin  # reason: Sphinx-required name
 author = 'JE-Chen'
 release = '0.0.179'
 
diff --git a/je_auto_control/utils/clipboard/clipboard.py b/je_auto_control/utils/clipboard/clipboard.py
@@ -143,6 +143,7 @@ def _linux_get() -> str:
     if cmd is None:
         raise RuntimeError("Install xclip or xsel for Linux clipboard support")
     read_cmd = cmd + ["-o"] if cmd[0] == "xclip" else cmd + ["--output"]
+    # nosemgrep: python.lang.security.audit.dangerous-subprocess-use-audit.dangerous-subprocess-use-audit
     result = subprocess.run(  # nosec B603  # reason: argv from allowlist (xclip/xsel) discovered via shutil.which
         read_cmd, capture_output=True, check=True, timeout=5,
     )
@@ -154,6 +155,7 @@ def _linux_set(text: str) -> None:
     if cmd is None:
         raise RuntimeError("Install xclip or xsel for Linux clipboard support")
     write_cmd = cmd + ["-i"] if cmd[0] == "xclip" else cmd + ["--input"]
+    # nosemgrep: python.lang.security.audit.dangerous-subprocess-use-audit.dangerous-subprocess-use-audit
     subprocess.run(  # nosec B603  # reason: argv from allowlist (xclip/xsel) discovered via shutil.which
         write_cmd, input=text.encode("utf-8"),
         check=True, timeout=5,
diff --git a/je_auto_control/utils/rest_api/rest_server.py b/je_auto_control/utils/rest_api/rest_server.py
@@ -25,9 +25,9 @@ class _JSONHandler(BaseHTTPRequestHandler):
     server_version = "AutoControlREST/1.0"
 
     # Suppress default stderr access logs — route through the project logger.
-    def log_message(self, fmt: str, *args: Any) -> None:
+    def log_message(self, format, *args) -> None:  # noqa: A002  # pylint: disable=redefined-builtin  # reason: stdlib BaseHTTPRequestHandler override
         autocontrol_logger.info("rest-api %s - %s",
-                                self.address_string(), fmt % args)
+                                self.address_string(), format % args)
 
     def do_GET(self) -> None:  # noqa: N802  # reason: stdlib API
         parsed = urlparse(self.path)
diff --git a/je_auto_control/utils/shell_process/shell_exec.py b/je_auto_control/utils/shell_process/shell_exec.py
@@ -51,6 +51,7 @@ def exec_shell(self, shell_command: Union[str, List[str]]) -> None:
         try:
             self.exit_program()
             args = _normalize_command(shell_command)
+            # nosemgrep: python.lang.security.audit.dangerous-subprocess-use-audit.dangerous-subprocess-use-audit
             self.process = subprocess.Popen(  # nosec B603  # reason: shell=False, argv list validated via _normalize_command
                 args,
                 stdout=subprocess.PIPE,
diff --git a/test/unit_test/headless/test_rest_server.py b/test/unit_test/headless/test_rest_server.py
@@ -16,9 +16,12 @@ def rest_server():
     server.stop(timeout=1.0)
 
 
+_TEST_SCHEME = "http"  # NOSONAR: S5332  # reason: localhost-only ephemeral test server; TLS is out of scope here
+
+
 def _request(server, path, method="GET", body=None):
     host, port = server.address
-    url = f"http://{host}:{port}{path}"
+    url = f"{_TEST_SCHEME}://{host}:{port}{path}"
     data = None
     headers = {}
     if body is not None:
