add suppress rule for 2 false positives in bandit

awslabs · Nov 16, 2023 · 139ebad · 139ebad
1 parent a2cffd8
commit 139ebad
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/lambda/aws-qa-appsync-opensearch/question_answering/src/qa_agent/helper.py b/lambda/aws-qa-appsync-opensearch/question_answering/src/qa_agent/helper.py
@@ -99,7 +99,9 @@ def load_vector_db_opensearch(region: str,
     print(f"load_vector_db_opensearch, region={region}, "
                 f"opensearch_domain_endpoint={opensearch_domain_endpoint}, opensearch_index={opensearch_index}")
 
-    if secret_id != 'NONE': # user uses username/password 
+    # if the secret id is not provided
+    # uses username password
+    if secret_id != 'NONE': # nosec
         creds = get_credentials(secret_id, aws_region)
         http_auth = (creds['username'], creds['password'])
     else: # sigv4

diff --git a/lambda/aws-rag-appsync-stepfn-opensearch/embeddings_job/src/lambda.py b/lambda/aws-rag-appsync-stepfn-opensearch/embeddings_job/src/lambda.py
@@ -90,7 +90,9 @@ def get_bedrock_client(service_name="bedrock-runtime"):
 @metrics.log_metrics(capture_cold_start_metric=True)
 def handler(event,  context: LambdaContext) -> dict:
 
-    if opensearch_secret_id != 'NONE': # user uses username/password 
+    # if the secret id is not provided
+    # uses username password
+    if opensearch_secret_id != 'NONE': # nosec 
         creds = get_credentials(opensearch_secret_id, aws_region)
         http_auth = (creds['username'], creds['password'])
     else: #