fix: improve bandit config intel#3830

bandit.conf

@@ -85,11 +85,11 @@
 tests:
 
 # (optional) list skipped test IDs here, eg '[B101, B406]':
-skips: ['B603', 'B607', 'B404', "B608"]
+skips: ['B603', 'B607', 'B404']
 # B603, B607 and B404 are all subprocess-related.
 # B608 should be re-enabled when multi-line issues can be marked with nosec
 
-# Explantion: cve-bin-tool is at heart a shell script that calls other processes.
+# Explanation: cve-bin-tool is at heart a shell script that calls other processes.
 # Switching to pure python has significant performance impacts.
 
 # skips assert rule on tests
@@ -100,5 +100,4 @@ assert_used:
 ### that may be given here, per-plugin. All bandit test plugins have a built in
 ### set of sensible defaults and these will be used if no configuration is
 ### provided. It is not necessary to provide settings for every (or any) plugin
-### if the defaults are acceptable.
-
+### if the defaults are acceptable.

cve_bin_tool/cvedb.py

@@ -253,7 +253,7 @@ def latest_schema(
 
         self.LOGGER.debug("Check database is using latest schema")
         cursor = self.db_open_and_get_cursor()
-        schema_check = f"SELECT * FROM {table_name} WHERE 1=0"
+        schema_check = f"SELECT * FROM {table_name} WHERE 1=0" #nosec
         result = cursor.execute(schema_check)
         schema_latest = False
 
@@ -865,7 +865,7 @@ def get_all_records_in_table(self, table_name):
         """Return JSON of all records in a database table."""
         cursor = self.db_open_and_get_cursor()
         cursor.row_factory = self.dict_factory
-        cursor.execute(f"SELECT * FROM '{table_name}' ")
+        cursor.execute(f"SELECT * FROM '{table_name}' ") #nosec
         # fetchall as result
         results = cursor.fetchall()
         self.db_close()