fix ci tests

Author: josecorella

dev_requirements/linter-requirements.txt

@@ -6,6 +6,7 @@ flake8-bugbear==22.9.11
 flake8-docstrings==1.7.0
 flake8-print==5.0.0
 isort==5.11.4
+pbr==2.0.0 # needed due to to bandit
 pyflakes==2.4.0
 pylint==2.13.5
 readme_renderer==37.3

src/aws_encryption_sdk/streaming_client.py

@@ -454,7 +454,7 @@ def _prep_message(self):
         )
 
         validate_commitment_policy_on_encrypt(self.config.commitment_policy, self._encryption_materials.algorithm)
-        
+    
         if self.config.algorithm is not None and self._encryption_materials.algorithm != self.config.algorithm:
             raise ActionNotAllowedError(
                 (

src/pylintrc

@@ -10,6 +10,7 @@ disable =
     attribute-defined-outside-init,  # breaks with attrs_post_init
     abstract-method,  # throws false positives on io.BaseIO grandchildren
     redefined-outer-name,  # we do this on purpose in multiple places
+    too-many-positional-arguments, # on 2026-04-17 aws_encryption_sdk_decrypt_oracle started failing because of this
     # All below are disabled because we need to support Python 2
     useless-object-inheritance,
     raise-missing-from,

test/functional/test_f_commitment.py

@@ -236,7 +236,7 @@ def test_encrypt_with_require_policy_fail_when_retrieving_invalid_cmm_materials(
     required_encrypting_client = aws_encryption_sdk.EncryptionSDKClient(
         commitment_policy=CommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT
     )
-    
+  
     provider = StaticRawMasterKeyProvider(
         wrapping_algorithm=WrappingAlgorithm.AES_256_GCM_IV12_TAG16_NO_PADDING,
         encryption_key_type=EncryptionKeyType.SYMMETRIC,
@@ -249,7 +249,7 @@ def test_encrypt_with_require_policy_fail_when_retrieving_invalid_cmm_materials(
     )
     plaintext = b"Yellow Submarine"
 
-    ciphertext, _ = forbid_encrypting_client.encrypt(source=plaintext, materials_manager=ccmm)
+    _, _ = forbid_encrypting_client.encrypt(source=plaintext, materials_manager=ccmm)
     with pytest.raises(ActionNotAllowedError) as excinfo:
         required_encrypting_client.encrypt(source=plaintext, materials_manager=ccmm)
     excinfo.match("Configuration conflict. Cannot encrypt due to .* requiring only committed messages")
@@ -264,7 +264,7 @@ def test_encrypt_with_forbid_policy_fail_when_retrieving_invalid_cmm_materials()
     required_encrypting_client = aws_encryption_sdk.EncryptionSDKClient(
         commitment_policy=CommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT
     )
-    
+  
     provider = StaticRawMasterKeyProvider(
         wrapping_algorithm=WrappingAlgorithm.AES_256_GCM_IV12_TAG16_NO_PADDING,
         encryption_key_type=EncryptionKeyType.SYMMETRIC,
@@ -277,7 +277,7 @@ def test_encrypt_with_forbid_policy_fail_when_retrieving_invalid_cmm_materials()
     )
     plaintext = b"Yellow Submarine"
 
-    ciphertext, _ = required_encrypting_client.encrypt(source=plaintext, materials_manager=ccmm)
+    _, _ = required_encrypting_client.encrypt(source=plaintext, materials_manager=ccmm)
     with pytest.raises(ActionNotAllowedError) as excinfo:
         forbid_encrypting_client.encrypt(source=plaintext, materials_manager=ccmm)
     excinfo.match("Configuration conflict. Cannot encrypt due to .* requiring only non-committed messages.")