Sometimes bandit flags a security risk where there is none. The example from the video demonstrates this nicely:
import urllib.request

if path.startswith(("https:", "http:")):
    with urllib.request.urlopen(path) as resp:
        ...
Bandit looks for calls to urlopen (it keeps a blacklist of many such function signatures; this one is reported as test id B310) and warns about them because urlopen accepts more than http and https URLs. If the path variable contained a file:// URL, the call would read a file from the local disk, and custom URL schemes are possible too. It is good that bandit is cautious, but in this case the startswith check in front of the call already rejects anything that is not an http or https URL, so the warning is a false positive.
This is a great use case for the nosec comment. Adding it to the line tells bandit to skip that line. Note that a bare # nosec suppresses every finding on the line; recent bandit versions also accept a test id, as in # nosec B310, which silences only this check and still reports any unrelated problem that later appears on the same line.
import urllib.request

if path.startswith(("https:", "http:")):
    with urllib.request.urlopen(path) as resp:  # nosec
        ...
If you re-run the bandit command with the nosec comment in place, it no longer reports this line. Keep in mind that the suppression is only justified as long as the scheme check stays in front of the urlopen call; if someone removes the check later, bandit will not warn again.
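The following is an added example, not code from the video or from bandit itself. It shows both halves of the discussion above: first what bandit is worried about (a file:// URL handed to urlopen really does read a local file, demonstrated offline with a temporary file of constructed content), and then a guarded fetch helper with the narrow # nosec B310 suppression. The helper uses urllib.parse.urlparse instead of the video's startswith check, which is an assumption of this example; it rejects the same inputs but also normalizes the scheme's case. The function names, the ALLOWED_SCHEMES constant and the sample file content are all invented for illustration.

```python
import os
import pathlib
import tempfile
import urllib.parse
import urllib.request

# Schemes the fetch helper is willing to hand to urlopen() (assumed policy).
ALLOWED_SCHEMES = {"http", "https"}


def is_remote_url(path: str) -> bool:
    """Return True only for http(s) URLs.

    urlparse() lowercases the scheme, so "HTTP://host/x" is accepted,
    while "file:///etc/passwd", "ftp://host/x" and a bare filesystem
    path such as "/etc/passwd" are all rejected.
    """
    return urllib.parse.urlparse(path).scheme in ALLOWED_SCHEMES


def open_remote(path: str):
    """Open a URL after checking its scheme.

    The check is what makes the urlopen() call safe, so the bandit finding
    for it (test id B310, audit urlopen for permitted schemes) is suppressed
    for that one test id rather than with a blanket "# nosec".
    """
    if not is_remote_url(path):
        raise ValueError(f"refusing non-http(s) URL: {path!r}")
    # Scheme already restricted to http/https by is_remote_url().
    return urllib.request.urlopen(path)  # nosec B310


def read_local_file_via_urlopen() -> bytes:
    """Demonstrate what bandit is worried about.

    Without a scheme check, urlopen() reads a local file when given a
    file:// URL. This writes a temporary file with constructed sample
    content and reads it back through urlopen(), entirely offline.
    """
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write("secret=constructed-sample-value\n")
        local_path = fh.name
    try:
        # as_uri() builds a proper file:// URL on both POSIX and Windows.
        url = pathlib.Path(local_path).resolve().as_uri()
        # Deliberately unguarded call: this is exactly what the guard prevents.
        with urllib.request.urlopen(url) as resp:  # nosec B310
            return resp.read()
    finally:
        os.unlink(local_path)


if __name__ == "__main__":
    print(read_local_file_via_urlopen())          # b'secret=constructed-sample-value\n'
    print(is_remote_url("file:///etc/passwd"))    # False
    print(is_remote_url("https://example.com/"))  # True
```

Running bandit over this file reports nothing for either urlopen call, because each carries a nosec limited to B310; drop the comment from read_local_file_via_urlopen() and the B310 finding comes back, which is a quick way to confirm the suppression is doing what you expect.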