tests: fix ruff lint errors in security tests

2026-01-18 10:04:27 +01:00
parent 661dab4a81
commit 97bf955820
5 changed files with 19 additions and 21 deletions
--- a/tests/security/cli_security_audit.py
+++ b/tests/security/cli_security_audit.py
@@ -10,7 +10,7 @@ from pathlib import Path
 # Load fpaste as a module by exec
 fpaste_path = Path("/home/user/git/flaskpaste/fpaste")
 fpaste_globals = {"__name__": "fpaste", "__file__": str(fpaste_path)}
-exec(compile(fpaste_path.read_text(), fpaste_path, "exec"), fpaste_globals)
+exec(compile(fpaste_path.read_text(), fpaste_path, "exec"), fpaste_globals)  # noqa: S102

 # Import from loaded module
 TRUSTED_CLIPBOARD_DIRS = fpaste_globals["TRUSTED_CLIPBOARD_DIRS"]
@@ -39,10 +39,10 @@ def test_trusted_path_validation():

    # Test untrusted paths
    untrusted_tests = [
-        ("/tmp/xclip", False, "tmp directory"),
+        ("/tmp/xclip", False, "tmp directory"),  # noqa: S108
        ("/home/user/bin/xclip", False, "user bin"),
        ("./xclip", False, "current directory"),
-        ("/var/tmp/malicious", False, "var tmp"),
+        ("/var/tmp/malicious", False, "var tmp"),  # noqa: S108
        ("/home/attacker/.local/bin/xclip", False, "user local"),
    ]

@@ -64,7 +64,7 @@ def test_path_injection():
    print("=" * 50)

    # Create a malicious "xclip" in /tmp
-    malicious_path = Path("/tmp/xclip")
+    malicious_path = Path("/tmp/xclip")  # noqa: S108
    try:
        malicious_path.write_text("#!/bin/sh\necho 'PWNED' > /tmp/pwned\n")
        malicious_path.chmod(0o755)
@@ -73,7 +73,7 @@ def test_path_injection():
        original_path = os.environ.get("PATH", "")

        # Prepend /tmp to PATH (attacker-controlled)
-        os.environ["PATH"] = f"/tmp:{original_path}"
+        os.environ["PATH"] = f"/tmp:{original_path}"  # noqa: S108

        # Try to find clipboard command
        cmd = find_clipboard_command(CLIPBOARD_READ_COMMANDS)
@@ -86,7 +86,7 @@ def test_path_injection():
            return True

        # Check if it's using the malicious path
-        if cmd[0] == str(malicious_path) or cmd[0] == "/tmp/xclip":
+        if cmd[0] == str(malicious_path) or cmd[0] == "/tmp/xclip":  # noqa: S108
            print("  FAIL: Malicious /tmp/xclip was selected!")
            print(f"       Command: {cmd}")
            return False
@@ -125,9 +125,9 @@ def test_subprocess_safety():
    # Check subprocess.run uses list
    run_calls = re.findall(r"subprocess\.run\(([^)]+)\)", content)
    for call in run_calls:
-        if not call.strip().startswith("[") and not call.strip().startswith("cmd"):
-            if "cmd" not in call:  # Allow variable names like 'cmd'
-                issues.append(f"Possible string command in subprocess.run: {call[:50]}")
+        stripped = call.strip()
+        if not stripped.startswith("[") and not stripped.startswith("cmd") and "cmd" not in call:
+            issues.append(f"Possible string command in subprocess.run: {call[:50]}")

    if issues:
        for issue in issues: