Fix static-analysis findings flagged on PR 202

- bandit B107: justify resume_token="" default (reconnect handle, not a credential)
- Sonar S5713: drop redundant exception subclasses already caught
  (json.JSONDecodeError/UnicodeDecodeError vs ValueError, FileNotFoundError vs OSError)
- Sonar S1244: use pytest.approx for float comparisons in QA tests
- Sonar S3776: extract datachannel dispatch from _wire_pc_handlers (16 -> under limit)
- Sonar S6418/S116/S1313/S5332: justified NOSONAR on USB test fixtures and
  loopback scheme-detection (not real credentials / outbound calls)

Author: JE-Chen

je_auto_control/gui/data_source_tab.py

@@ -108,7 +108,7 @@ def _on_load(self) -> None:
         try:
             limit = self._limit.value() or None
             rows = load_rows(self._build_source(), limit=limit)
-        except (ValueError, OSError, RuntimeError, json.JSONDecodeError) as error:
+        except (ValueError, OSError, RuntimeError) as error:
             self._status.setText(_t("ds_error").replace("{error}", str(error)))
             return
         self._render_rows(rows)

je_auto_control/gui/device_matrix_tab.py

@@ -81,7 +81,7 @@ def _on_run(self) -> None:
             report = ac.run_on_devices(
                 actions, devices, max_parallel=self._parallel.value(),
             )
-        except (ValueError, RuntimeError, json.JSONDecodeError) as error:
+        except (ValueError, RuntimeError) as error:
             self._summary.setText(_t("dm_error").replace("{error}", str(error)))
             return
         self._render(report.to_dict())

je_auto_control/gui/media_checks_tab.py

@@ -108,7 +108,7 @@ def _on_video(self) -> None:
                 expect_motion=self._video_expect.isChecked(),
                 raise_on_fail=False,
             )
-        except (RuntimeError, OSError, ValueError, FileNotFoundError) as error:
+        except (RuntimeError, OSError, ValueError) as error:
             self._result.setText(str(error))
             return
         self._result.setText(result.message)

je_auto_control/gui/test_suite_tab.py

@@ -102,7 +102,7 @@ def _on_load_file(self) -> None:
     def _on_run(self) -> None:
         try:
             result = ac.run_suite(self._parse_spec())
-        except (ValueError, OSError, RuntimeError, json.JSONDecodeError) as err:
+        except (ValueError, OSError, RuntimeError) as err:
             self._summary.setText(_t("suite_error").replace("{error}", str(err)))
             return
         self._last_result = result

je_auto_control/gui/usb_browser_tab.py

@@ -49,7 +49,7 @@ def _t(key: str) -> str:
 def _is_loopback_target(base_url: str) -> bool:
     """True if ``base_url`` points at this machine (so a local open is valid)."""
     text = base_url.strip()
-    if not text.startswith(("http://", "https://")):
+    if not text.startswith(("http://", "https://")):  # NOSONAR python:S5332 - scheme detection on user input, not an outbound http call
         text = f"{_TEST_SCHEME}://{text}"
     host = urllib.parse.urlsplit(text).hostname or ""
     return host.lower() in _LOOPBACK_HOSTS

je_auto_control/utils/remote_desktop/webrtc_viewer.py

@@ -465,22 +465,26 @@ def _on_track(track) -> None:
 
         @pc.on("datachannel")
         def _on_datachannel(channel) -> None:
-            autocontrol_logger.info(
-                "webrtc viewer: data channel %r open", channel.label,
-            )
-            if channel.label == "mic":
-                self._mic_channel = channel
-                return
-            if channel.label == "files":
-                self._files_channel = channel
-                self._wire_files_channel(channel)
-                return
-            if channel.label == "usb":
-                self._usb_channel = channel
-                self._wire_usb_channel(channel)
-                return
-            self._control_channel = channel
-            self._wire_control_channel(channel)
+            self._attach_datachannel(channel)
+
+    def _attach_datachannel(self, channel) -> None:
+        """Route an inbound data channel to its handler by label."""
+        autocontrol_logger.info(
+            "webrtc viewer: data channel %r open", channel.label,
+        )
+        if channel.label == "mic":
+            self._mic_channel = channel
+            return
+        if channel.label == "files":
+            self._files_channel = channel
+            self._wire_files_channel(channel)
+            return
+        if channel.label == "usb":
+            self._usb_channel = channel
+            self._wire_usb_channel(channel)
+            return
+        self._control_channel = channel
+        self._wire_control_channel(channel)
 
     def _wire_control_channel(self, channel) -> None:
         @channel.on("open")

je_auto_control/utils/usb/passthrough/session.py

@@ -549,7 +549,7 @@ def _is_misbehaviour(replies: List[Frame]) -> bool:
         if reply.op == Opcode.OPENED:
             try:
                 body = json.loads(reply.payload.decode("utf-8"))
-            except (ValueError, UnicodeDecodeError):
+            except ValueError:
                 return True
             if not body.get("ok"):
                 return True

je_auto_control/utils/usb/passthrough/viewer_client.py

@@ -92,7 +92,7 @@ class ClientHandle:
     """
 
     def __init__(self, client: "UsbPassthroughClient", claim_id: int,
-                 resume_token: str = "") -> None:
+                 resume_token: str = "") -> None:  # nosec B107  # reason: resume_token is a reconnect handle, not a credential; "" means "no token yet"
         self._client = client
         self._claim_id = claim_id
         self._resume_token = resume_token

test/unit_test/headless/test_a11y_audit.py

@@ -1,6 +1,8 @@
 """Headless tests for the accessibility / i18n audit."""
 from types import SimpleNamespace
 
+import pytest
+
 import je_auto_control as ac
 from je_auto_control.utils.a11y_audit import (
     audit_contrast, audit_missing_labels, contrast_ratio, detect_truncation,
@@ -34,9 +36,9 @@ def test_missing_label_flagged():
 
 def test_contrast_ratio_known_values():
     # black on white is the maximum 21:1
-    assert round(contrast_ratio([0, 0, 0], [255, 255, 255]), 1) == 21.0
+    assert contrast_ratio([0, 0, 0], [255, 255, 255]) == pytest.approx(21.0)
     # identical colours are 1:1
-    assert round(contrast_ratio([120, 120, 120], [120, 120, 120]), 1) == 1.0
+    assert contrast_ratio([120, 120, 120], [120, 120, 120]) == pytest.approx(1.0)
 
 
 def test_audit_contrast_flags_low():
@@ -73,4 +75,4 @@ def test_executor_audit_contrast():
     from je_auto_control.utils.executor.action_executor import executor
     out = executor.event_dict["AC_audit_contrast"]([0, 0, 0], [255, 255, 255])
     assert out["passes_aa"] is True
-    assert out["ratio"] == 21.0
+    assert out["ratio"] == pytest.approx(21.0)

test/unit_test/headless/test_flakiness.py

@@ -32,7 +32,7 @@ def test_flaky_script_detected(store):
     assert entry.flaky is True
     assert entry.ok == 2 and entry.error == 2
     assert entry.flips == 3
-    assert entry.flip_rate == 1.0
+    assert entry.flip_rate == pytest.approx(1.0)
     assert report.flaky_count == 1
 
 
@@ -43,7 +43,7 @@ def test_stable_script_not_flaky(store):
     entry = report.entries[0]
     assert entry.flaky is False
     assert entry.flips == 0
-    assert entry.pass_rate == 1.0
+    assert entry.pass_rate == pytest.approx(1.0)
     assert report.flaky_count == 0