Added NOSONAR tags and an explanation of why

jdw-creare · jdw-creare · commit 12335c8c1d2e · 2026-05-14T19:59:36.000-04:00
diff --git a/podpac/core/data/file_source.py b/podpac/core/data/file_source.py
@@ -104,14 +104,20 @@ def dataset(self):
             return self._open(self._file, cache=False)
 
         # otherwise, open the file (and cache it if desired)
+        # A note on these NOSONAR lines: SonarQube considers it a security hotspot when
+        # non-encrypted protocols are used.  However, it's not a security risk to permit
+        # this package to draw data from sources via unencrypted links.  Some external geospatial data
+        # sources are public by design, and they can choose deliver data via FTP or HTTP if they please.
+        # Users concerned about these data sources being somehow poisoned can just not configure podpac
+        # to use unencrypted sources.
         if self.source.startswith("s3://"):
             _logger.info("Loading AWS resource: %s" % self.source)
             self._file = self.s3.open(self.source, "rb")
-        elif self.source.startswith("http://") or self.source.startswith("https://"):
+        elif self.source.startswith("http://") or self.source.startswith("https://"):  # NOSONAR(S5332)
             _logger.info("Downloading: %s" % self.source)
             response = requests.get(self.source)
             self._file = BytesIO(response.content)
-        elif self.source.startswith("ftp://"):
+        elif self.source.startswith("ftp://"):  # NOSONAR(S5332)
             _logger.info("Downloading: %s" % self.source)
             addinfourl = urlopen(self.source)
             self._file = BytesIO(addinfourl.read())
