From 89248f02f437c78ca80fa2c492fde07f1aeaeafa Mon Sep 17 00:00:00 2001
From: Fred Linkous Sharp
Date: Mon, 24 Feb 2020 15:22:39 -0600
Subject: [PATCH] Resolved bento warnings
---
 adjust | 4 ++--
 formula.py | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/adjust b/adjust
index 4c67eab..2c7a4cc 100755
--- a/adjust
+++ b/adjust
@@ -307,7 +307,7 @@ class GitOps(Adjust):
 os.chdir(self.clone_dir)
 try:
 self._run_command(['git', 'diff-index', '--quiet', 'HEAD', '--'])
- except Exception as e:
+ except Exception as e: # nosec (desired functionality, drops through to the add, commit, push logic)
 pass
 else:
 os.chdir(self.cwd)
@@ -396,7 +396,7 @@ class GitOps(Adjust):
 # expansion, etc. The burden of safety is entirely on the user.
 def _run_shell_command(self, cmd, tout=None, cmd_type='Driver shell command'):
 res = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
- shell=True, timeout=tout, executable='/bin/bash')
+ shell=True, timeout=tout, executable='/bin/bash') # nosec (see shell=true disclaimer in above comment)
 msg = "cmd '{}', exit code {}, stdout {}, stderr {}".format(cmd, res.returncode, res.stdout, res.stderr)
 assert res.returncode == 0, '{} failed: {}'.format(cmd_type, msg)
diff --git a/formula.py b/formula.py
index 91e06fd..d97430e 100644
--- a/formula.py
+++ b/formula.py
@@ -43,5 +43,5 @@ def evaluate(expr, var):
 Note that vars will shadow any of the standard const/funcs, e.g., if a var 'pi' is included in the vars arg, it will shadow the standard math.pi value.
 '''
- ret = eval(expr, get_gbl(), var)
+ ret = eval(expr, get_gbl(), var) # nosec (globals/locals constrained to safe subset)
 return ret
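Review bot: The `# nosec` on `except Exception as e:` silences the try/except/pass finding without narrowing the handler. Any failure of `_run_command` (git not found, a corrupt index, a timeout), and not only the non-zero exit of `git diff-index --quiet` that signals pending changes, therefore falls through to what the comment describes as the add, commit, push logic. If `_run_command` raises a specific type for a non-zero exit (not visible in this hunk), catch that type and let everything else propagate. At minimum drop the unused binding and record the reason, e.g. `except Exception:  # nosec - non-zero exit means the tree is dirty; continue to commit`. The enclosing method starts and ends outside the hunk.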
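Review bot: The success check two lines below the annotated `subprocess.run` call is an `assert`, which is stripped when Python runs with `-O`, so a failing shell command would then be treated as success. With `shell=True` on a caller-supplied `cmd`, that check is the only guard visible here. An explicit test keeps the exception type callers may rely on: `if res.returncode != 0: raise AssertionError('{} failed: {}'.format(cmd_type, msg))`. The bare `# nosec` also waives every finding on that line; if the Bandit version behind the scanner supports rule-scoped suppression, `# nosec B602` limits the waiver to the shell=True finding. The comment block the waiver points to begins above the hunk.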
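Review bot: The justification added on the `eval` line cannot be verified from this hunk and claims more than a restricted namespace can deliver. Python inserts the full `__builtins__` into the globals dict unless `get_gbl()` sets that key itself, and a limited namespace is not a sandbox when `expr` can come from an untrusted party. The waiver should state the trust assumption rather than the mechanism, for example `# nosec - expr comes from operator-controlled config; get_gbl() pins '__builtins__'`, with both halves confirmed before merging (`get_gbl` is defined outside the hunk). If anyone other than the operator can influence `expr`, parsing it with `ast` and accepting only an allowlist of node types before evaluation is the safer design.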