bandit checker: mark false security issues - fix security issues (low severity)

author: Étienne Loks <etienne.loks@iggdrasil.net> 2023-04-11 12:27:23 +0200
committer: Étienne Loks <etienne.loks@iggdrasil.net> 2023-04-17 15:47:16 +0200
commit: 367059ddef14a495e277f68ceaf3455c092f839d (patch)
tree: ae625ff0265fecd122946c71d3a2d6afefae4817 /ishtar_common/forms_common.py
parent: ff5aee7158bd46e4ae22bc431adadd7060a6e277 (diff)
download: Ishtar-367059ddef14a495e277f68ceaf3455c092f839d.tar.bz2
Ishtar-367059ddef14a495e277f68ceaf3455c092f839d.zip
1 files changed, 10 insertions, 6 deletions
diff --git a/ishtar_common/forms_common.py b/ishtar_common/forms_common.py
index bcc5a28be..f031b280f 100644
--- a/ishtar_common/forms_common.py
+++ b/ishtar_common/forms_common.py
@@ -320,8 +320,9 @@ class NewImportForm(BaseImportForm):
         value = self.cleaned_data.get("imported_images_link", None)
         if value:
             try:
-                assert is_downloadable(value)
-            except (AssertionError, requests.exceptions.RequestException):
+                if not is_downloadable(value):
+                    raise forms.ValidationError("")
+            except (requests.exceptions.RequestException, forms.ValidationError):
                 raise forms.ValidationError(
                     _("Invalid link or no file is available for this link.")
                 )
@@ -378,18 +379,21 @@ class NewImportGISForm(BaseImportForm):
         if value:
             try:
                 ext = value.name.lower().split(".")[-1]
-                assert ext in ("zip", "gpkg", "csv")
+                if ext not in ("zip", "gpkg", "csv"):
+                    raise forms.ValidationError("")
                 if ext == "zip":
                     zip_file = zipfile.ZipFile(value)
-                    assert not zip_file.testzip()
+                    if zip_file.testzip():
+                        raise forms.ValidationError("")
                     has_correct_file = False
                     for name in zip_file.namelist():
                         in_ext = name.lower().split(".")[-1]
                         if in_ext in ("shp", "gpkg"):
                             has_correct_file = True
                             break
-                    assert has_correct_file
-            except AssertionError:
+                    if not has_correct_file:
+                        raise forms.ValidationError("")
+            except forms.ValidationError:
                 raise forms.ValidationError(
                     _("GIS file must be a zip containing a ShapeFile or GeoPackage file.")
                 )
author	Étienne Loks <etienne.loks@iggdrasil.net>	2023-04-11 12:27:23 +0200
committer	Étienne Loks <etienne.loks@iggdrasil.net>	2023-04-17 15:47:16 +0200
commit	367059ddef14a495e277f68ceaf3455c092f839d (patch)
tree	ae625ff0265fecd122946c71d3a2d6afefae4817 /ishtar_common/forms_common.py
parent	ff5aee7158bd46e4ae22bc431adadd7060a6e277 (diff)
download	Ishtar-367059ddef14a495e277f68ceaf3455c092f839d.tar.bz2 Ishtar-367059ddef14a495e277f68ceaf3455c092f839d.zip