From 0961041590d32e8bae599cc891ccf0e00390872b Mon Sep 17 00:00:00 2001
From: Terri Oda <terri@toybox.ca>
Date: Wed, 7 Aug 2024 17:16:42 -0700
Subject: [PATCH] fix: improve schema validation for bandit

In the course of some other refactoring in cvedb.py, we've got another
way to handle schema valiation such that bandit won't complain.

* fixes #3933
* closes #3965

Signed-off-by: Terri Oda <terri.oda@intel.com>
---
 cve_bin_tool/cvedb.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cve_bin_tool/cvedb.py b/cve_bin_tool/cvedb.py
index 041bb3a88c..62d525a446 100644
--- a/cve_bin_tool/cvedb.py
+++ b/cve_bin_tool/cvedb.py
@@ -344,7 +344,7 @@ def latest_schema(
 
         self.LOGGER.debug("Check database is using latest schema")
         cursor = self.db_open_and_get_cursor()
-        schema_check = f"SELECT * FROM {table_name} WHERE 1=0"  # nosec
+        schema_check = self.EMPTY_SELECT_QUERIES[table_name]
         result = cursor.execute(schema_check)
         schema_latest = False