chore: fixup comments and typing flags

benmss · benmss · commit 2ae183be749e · 2025-06-19T14:15:32.000+10:00
Signed-off-by: Ben Selwyn-Smith &lt;benselwynsmith@googlemail.com&gt;
diff --git a/src/macaron/malware_analyzer/pypi_heuristics/sourcecode/pypi_sourcecode_analyzer.py b/src/macaron/malware_analyzer/pypi_heuristics/sourcecode/pypi_sourcecode_analyzer.py
@@ -11,7 +11,7 @@
 import json
 import logging
 import os
-import subprocess  # nosec
+import subprocess  # nosec B404
 import tempfile
 
 import yaml
@@ -120,7 +120,7 @@ def _load_defaults(self, resources_path: str) -> tuple[str, str | None, set[str]
 
             semgrep_commands: list[str] = ["semgrep", "scan", "--validate", "--oss-only", "--config", custom_rule_path]
             try:
-                process = subprocess.run(semgrep_commands, check=True, capture_output=True)  # nosec
+                process = subprocess.run(semgrep_commands, check=True, capture_output=True)  # nosec B603
             except (subprocess.CalledProcessError, subprocess.TimeoutExpired) as semgrep_error:
                 error_msg = (
                     f"Unable to run semgrep validation on {custom_rule_path} with arguments "
@@ -185,8 +185,8 @@ def _extract_rule_ids(self, path: str, target_files: set[str]) -> set[str]:
             If any Semgrep rule file could not be safely loaded, or if their format was not in the expected Semgrep
             format, or if there were any files in 'target_files' not found when searching in 'path'.
         """
-        # We keep a record of any file paths we coulnd't find to provide a more useful error message, rather than raising
-        # an error on the first missing file we see.
+        # We keep a record of any file paths we couldn't find to provide a more useful error message, rather than
+        # raising an error on the first missing file we see.
         missing_files: list[str] = []
         target_file_paths: list[str] = []
         rule_ids: set[str] = set()
@@ -211,7 +211,7 @@ def _extract_rule_ids(self, path: str, target_files: set[str]) -> set[str]:
                 logger.debug(error_msg)
                 raise ConfigurationError(error_msg) from yaml_error
 
-            # should be a top-level key "rules", and then a list of rules (dictionaries) with "id" entries
+            # Should be a top-level key "rules", and then a list of rules (dictionaries) with "id" entries.
             try:
                 for semgrep_rule in semgrep_ruleset["rules"]:
                     rule_ids.add(semgrep_rule["id"])
@@ -243,7 +243,7 @@ def analyze(self, pypi_package_json: PyPIPackageJsonAsset) -> tuple[HeuristicRes
             if there is no source code available.
         """
         analysis_result: dict = {}
-        # since we have to run them anyway, return disabled rule findings for debug information
+        # Since we have to run them anyway, return disabled rule findings for debug information.
         disabled_results: dict = {}
         # Here, we disable 'nosemgrep' ignoring so that this is not an evasion method of our scan (i.e. malware includes
         # 'nosemgrep' comments to prevent our scan detecting those code lines). Read more about the 'nosemgrep' feature
@@ -266,7 +266,7 @@ def analyze(self, pypi_package_json: PyPIPackageJsonAsset) -> tuple[HeuristicRes
             semgrep_commands.append(f"--json-output={output_json_file.name}")
             logger.debug("executing: %s.", semgrep_commands)
             try:
-                process = subprocess.run(semgrep_commands, check=True, capture_output=True)  # nosec
+                process = subprocess.run(semgrep_commands, check=True, capture_output=True)  # nosec B603
             except (subprocess.CalledProcessError, subprocess.TimeoutExpired) as semgrep_error:
                 error_msg = (
                     f"Unable to run semgrep on {source_code_path} with arguments {semgrep_commands}: {semgrep_error}"
@@ -320,7 +320,7 @@ def analyze(self, pypi_package_json: PyPIPackageJsonAsset) -> tuple[HeuristicRes
                     analysis_result[rule_id] = {"message": message, "detections": []}
                 analysis_result[rule_id]["detections"].append({"file": file, "start": start, "end": end})
 
-        # some semgrep rules were triggered, even after removing disabled ones
+        # Some semgrep rules were triggered, even after removing disabled ones.
         if analysis_result:
             result = HeuristicResult.FAIL
 
diff --git a/src/macaron/parsers/pomparser.py b/src/macaron/parsers/pomparser.py
@@ -1,9 +1,9 @@
-# Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2024 - 2025, Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
 
 """This module contains the parser for POM files."""
 import logging
-from xml.etree.ElementTree import Element  # nosec
+from xml.etree.ElementTree import Element  # nosec B405
 
 import defusedxml.ElementTree
 from defusedxml.ElementTree import fromstring
diff --git a/src/macaron/repo_finder/repo_finder_java.py b/src/macaron/repo_finder/repo_finder_java.py
@@ -5,7 +5,7 @@
 import logging
 import re
 import urllib.parse
-from xml.etree.ElementTree import Element  # nosec
+from xml.etree.ElementTree import Element  # nosec B405
 
 from packageurl import PackageURL
 
