authorÉtienne Loks <etienne.loks@iggdrasil.net>2023-04-11 12:27:23 +0200
committerÉtienne Loks <etienne.loks@iggdrasil.net>2023-04-17 15:47:16 +0200
commit367059ddef14a495e277f68ceaf3455c092f839d (patch)
treeae625ff0265fecd122946c71d3a2d6afefae4817 /ishtar_common/models.py
parentff5aee7158bd46e4ae22bc431adadd7060a6e277 (diff)
bandit checker: mark false-positive security issues - fix low-severity security issues
Diffstat (limited to 'ishtar_common/models.py')
-rw-r--r--ishtar_common/models.py24
1 files changed, 14 insertions, 10 deletions
diff --git a/ishtar_common/models.py b/ishtar_common/models.py
index f7baebfe4..ba317998f 100644
--- a/ishtar_common/models.py
+++ b/ishtar_common/models.py
@@ -36,7 +36,9 @@ import string
import tempfile
import time
from io import BytesIO
-from subprocess import Popen, PIPE
+# nosec: only script inside the script directory can be executed
+# script directory is not web available
+from subprocess import Popen, PIPE # nosec
from PIL import Image
from markdown import markdown
from ooopy.OOoPy import OOoPy
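Review bot: The bare `# nosec` placed on the subprocess import waives every bandit finding on that line, not only the import warning the comment justifies; naming the test keeps the waiver narrow, `from subprocess import Popen, PIPE  # nosec B404`. The same applies to the ElementTree import in the next hunk (`# nosec B405`) and to the Popen call in the last hunk (`# nosec B603`). Bandit honours the marker only on the flagged line itself, so the two comment lines above the import are documentation rather than suppression, which is fine as long as they stay attached to it.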
@@ -45,7 +47,8 @@ import ooopy.Transforms as OOTransforms
import uuid
import zipfile
from urllib.parse import urlencode
-from xml.etree import ElementTree as ET
+# nosec: ElementTree used to create XML not for parsing
+from xml.etree import ElementTree as ET # nosec
from django.apps import apps
from django.conf import settings
@@ -408,9 +411,7 @@ def is_unique(cls, field):
# unique validator for models
def func(value):
query = {field: value}
- try:
- assert cls.objects.filter(**query).count() == 0
- except AssertionError:
+ if cls.objects.filter(**query).count() != 0:
raise ValidationError(_("This item already exists."))
return func
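Review bot: The new condition `cls.objects.filter(**query).count() != 0` asks the database for a full COUNT when only existence matters; `if cls.objects.filter(**query).exists():` states the intent and lets the query stop at the first matching row. The ValidationError and its message are unchanged by that rewrite. The `is_unique` signature enclosing `func` is outside the hunk.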
@@ -922,9 +923,8 @@ class RelationsViews(models.Model):
Check view or table properly created with settings on the profile
:return: True if table or view updated
"""
- assert cls.CREATE_SQL
- assert cls.DELETE_SQL
- assert cls.CREATE_TABLE_SQL
+ if not cls.CREATE_SQL or not cls.DELETE_SQL or not cls.CREATE_TABLE_SQL:
+ raise NotImplementedError("CREATE_SQL or DELETE_SQL or CREATE_TABLE_SQL is missing.")
profile = get_current_profile(force=True)
table_type = ""
with connection.cursor() as cursor:
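Review bot: The NotImplementedError raised on the new line does not say which RelationsViews subclass is misconfigured, which is what a developer needs first when several subclasses exist; `raise NotImplementedError("{}: CREATE_SQL, DELETE_SQL and CREATE_TABLE_SQL must be defined.".format(cls.__name__))` would name it. That line is also longer than the rest of the file's lines appear to be and could be wrapped. The method body continues past the end of the hunk.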
@@ -2456,7 +2456,8 @@ def documentation_get_gender_values():
class BaseGenderedType(ValueGetter):
def get_values(self, prefix="", **kwargs):
dct = super(BaseGenderedType, self).get_values(prefix=prefix, **kwargs)
- assert hasattr(self, "grammatical_gender")
+ if not hasattr(self, "grammatical_gender"):
+ raise NotImplementedError("This model should have a grammatical_gender field")
dct[prefix + "grammatical_gender"] = self.grammatical_gender
return dct
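Review bot: The new `hasattr(self, "grammatical_gender")` guard runs only after `super(...).get_values()` has already built the dict, so a misconfigured model does the full amount of work before failing; placing the guard as the first statement of `get_values` fails fast with the same result. While that line is being touched, `super().get_values(prefix=prefix, **kwargs)` is the Python 3 form of the call. Replacing the assert with an explicit exception is appropriate since asserts are stripped under `-O`.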
@@ -5144,6 +5145,7 @@ class AdministrationTask(models.Model):
script_name = None
# only script inside the script directory can be executed
+ # script directory is not web available
for name in os.listdir(script_dir):
if name == self.script.path:
if os.path.isfile(os.path.join(script_dir, name)):
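Review bot: The comment added above the loop records a deployment property (the directory is not web-reachable) but not the invariant that actually makes the Popen call in the last hunk safe to waive, namely that `self.script.path` must equal an entry returned by `os.listdir(script_dir)`, so no path components can reach the subprocess; a reader auditing that `# nosec` has to reconstruct this. Suggest stating it here: `# allow-list: the configured name must exactly match an existing file in script_dir, so no path components can be injected`. This presumes `self.script.path` holds a bare filename rather than a full path, which the hunk does not show. The enclosing method starts and ends outside the hunk.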
@@ -5165,7 +5167,9 @@ class AdministrationTask(models.Model):
self.finished_date = datetime.datetime.now()
try:
- session = Popen([script_name], stdout=PIPE, stderr=PIPE)
+ # nosec: only script inside the script directory can be executed
+ # this script directory is not web available
+ session = Popen([script_name], stdout=PIPE, stderr=PIPE) # nosec
stdout, stderr = session.communicate()
except OSError as e:
self.state = "FE"