diff options
| author | Étienne Loks <etienne.loks@iggdrasil.net> | 2023-04-11 12:27:23 +0200 |
|---|---|---|
| committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2023-04-17 15:47:16 +0200 |
| commit | 367059ddef14a495e277f68ceaf3455c092f839d (patch) | |
| tree | ae625ff0265fecd122946c71d3a2d6afefae4817 /ishtar_common/data_importer.py | |
| parent | ff5aee7158bd46e4ae22bc431adadd7060a6e277 (diff) | |
| download | Ishtar-367059ddef14a495e277f68ceaf3455c092f839d.tar.bz2 Ishtar-367059ddef14a495e277f68ceaf3455c092f839d.zip | |
bandit checker: mark false security issues - fix security issues (low severity)
Diffstat (limited to 'ishtar_common/data_importer.py')
| -rw-r--r-- | ishtar_common/data_importer.py | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/ishtar_common/data_importer.py b/ishtar_common/data_importer.py index ae3c8387a..796a75699 100644 --- a/ishtar_common/data_importer.py +++ b/ishtar_common/data_importer.py @@ -371,8 +371,9 @@ class YearFormater(Formater): return try: value = int(value) - assert value > 0 and value < (datetime.date.today().year + 30) - except (ValueError, AssertionError): + if value <= 0 or value > (datetime.date.today().year + 30): + raise ValueError() + except ValueError: raise ValueError(_('"%(value)s" is not a valid date') % {"value": value}) return value @@ -384,8 +385,9 @@ class YearNoFuturFormater(Formater): return try: value = int(value) - assert value > 0 and value < datetime.date.today().year - except (ValueError, AssertionError): + if value <= 0 or value > datetime.date.today().year: + raise ValueError() + except ValueError: raise ValueError(_('"%(value)s" is not a valid date') % {"value": value}) return value @@ -674,7 +676,7 @@ class DateFormater(Formater): for date_format in self.date_formats: try: return datetime.datetime.strptime(value, date_format).date() - except: + except ValueError: continue raise ValueError(_('"%(value)s" is not a valid date') % {"value": value}) @@ -1013,7 +1015,8 @@ class Importer(object): self.current_csv_line = None self.conservative_import = conservative_import # for a conservative_import UNICITY_KEYS should be defined - assert not self.conservative_import or bool(self.UNICITY_KEYS) + if self.conservative_import and not bool(self.UNICITY_KEYS): + raise ValueError("A conservative import should have unicity key defined") self.DB_TARGETS = {} self.match_table = {} self.concats = set() @@ -1097,7 +1100,8 @@ class Importer(object): (further exploitation by web interface) - user: associated user """ - assert output in ("silent", "cli", "db") + if output not in ("silent", "cli", "db"): + raise ValueError("initialize called with a bad output option") vals = [] for idx_line, line in enumerate(table): if self.skip_lines > idx_line: @@ -1356,7 +1360,8 @@ class Importer(object): for idx_col, val in enumerate(line): try: self._row_processing(c_row, idx_col, idx_line, val, data) - except: + # nosec: no catch to force continue processing of lines + except: # nosec pass self.validity.append(c_row) @@ -2288,8 +2293,8 @@ class Importer(object): target_name = field.name elif rel_model == obj.__class__: item_name = field.name - assert target_name is not None - assert item_name is not None + if target_name is None or item_name is None: + raise IntegrityError(f"Configuration error for attribute {attr}.") inter_model.objects.get_or_create( **{item_name: obj, target_name: v} ) |