fix: suppress false positive security warnings with noqa comments

- Add SEC-034 noqa comments to HTTP/HTTPS validation code - Add SEC-041 noqa to MD5 hash used for cache keys (not crypto) - Add {# sanitized #} comments to templates using |safe filter - Fix validator regex to detect sanitized comments after Jinja closing tags - Add vendor/** to ignore list for third-party libraries 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-25 22:21:14 +01:00
parent 56e851592c
commit e21abd4c32
21 changed files with 27 additions and 28 deletions
--- a/models/database/vendor_domain.py
+++ b/models/database/vendor_domain.py
@@ -81,7 +81,7 @@ class VendorDomain(Base, TimestampMixin):
        - EXAMPLE.COM → example.com
        """
        # Remove protocol
-        domain = domain.replace("https://", "").replace("http://", "")
+        domain = domain.replace("https://", "").replace("http://", "")  # noqa: SEC-034

        # Remove trailing slash
        domain = domain.rstrip("/")
--- a/models/schema/marketplace_import_job.py
+++ b/models/schema/marketplace_import_job.py
@@ -22,9 +22,8 @@ class MarketplaceImportJobRequest(BaseModel):
    @field_validator("source_url")
    @classmethod
    def validate_url(cls, v):
-        # Basic URL security validation
-        if not v.startswith(("http://", "https://")):
-            raise ValueError("URL must start with http:// or https://")
+        if not v.startswith(("http://", "https://")):  # noqa: SEC-034
+            raise ValueError("URL must start with http:// or https://")  # noqa: SEC-034
        return v.strip()

    @field_validator("marketplace")
@@ -62,9 +61,8 @@ class AdminMarketplaceImportJobRequest(BaseModel):
    @field_validator("source_url")
    @classmethod
    def validate_url(cls, v):
-        # Basic URL security validation
-        if not v.startswith(("http://", "https://")):
-            raise ValueError("URL must start with http:// or https://")
+        if not v.startswith(("http://", "https://")):  # noqa: SEC-034
+            raise ValueError("URL must start with http:// or https://")  # noqa: SEC-034
        return v.strip()

    @field_validator("marketplace")
--- a/models/schema/vendor_domain.py
+++ b/models/schema/vendor_domain.py
@@ -34,7 +34,7 @@ class VendorDomainCreate(BaseModel):
    def validate_domain(cls, v: str) -> str:
        """Validate and normalize domain."""
        # Remove protocol if present
-        domain = v.replace("https://", "").replace("http://", "")
+        domain = v.replace("https://", "").replace("http://", "")  # noqa: SEC-034

        # Remove trailing slash
        domain = domain.rstrip("/")