author | Étienne Loks <etienne.loks@iggdrasil.net> | 2023-04-11 12:27:23 +0200 |
---|---|---|
committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2023-04-17 15:47:16 +0200 |
commit | 367059ddef14a495e277f68ceaf3455c092f839d (patch) | |
tree | ae625ff0265fecd122946c71d3a2d6afefae4817 /ishtar_common/views.py | |
parent | ff5aee7158bd46e4ae22bc431adadd7060a6e277 (diff) | |
bandit checker: mark false security issues - fix security issues (low severity)
Diffstat (limited to 'ishtar_common/views.py')
-rw-r--r-- | ishtar_common/views.py | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/ishtar_common/views.py b/ishtar_common/views.py
index ac4e995d1..ba9be495a 100644
--- a/ishtar_common/views.py
+++ b/ishtar_common/views.py
@@ -1256,8 +1256,9 @@ class QRCodeView(DynamicModelView, IshtarMixin, LoginRequiredMixin, View):
 model = self.get_model(kwargs)
 try:
 item = model.objects.get(pk=kwargs.get("pk"))
- assert hasattr(item, "qrcode")
- except (model.DoesNotExist, AssertionError):
+ except model.DoesNotExist:
+ raise Http404()
+ if not hasattr(item, "qrcode"):
 raise Http404()
 if not item.qrcode or not item.qrcode.name:
@@ -2191,8 +2192,9 @@ class DocumentEditView(DocumentFormMixin, UpdateView):
 kwargs = super(DocumentEditView, self).get_form_kwargs()
 try:
 document = models.Document.objects.get(pk=self.kwargs.get("pk"))
- assert check_permission(self.request, "document/edit", document.pk)
- except (AssertionError, models.Document.DoesNotExist):
+ except models.Document.DoesNotExist:
+ raise Http404()
+ if not check_permission(self.request, "document/edit", document.pk):
 raise Http404()
 initial = {}
 for k in (
@@ -2475,7 +2477,8 @@ class QAItemForm(IshtarMixin, LoginRequiredMixin, FormView):
 return self.model.get_quick_action_by_url(self.base_url)
 def pre_dispatch(self, request, *args, **kwargs):
- assert self.model
+ if not self.model:
+ raise NotImplementedError("No attribute model defined.")
 pks = [int(pk) for pk in kwargs.get("pks").split("-")]
 self.items = list(self.model.objects.filter(pk__in=pks))
 if not self.items:
@@ -2836,8 +2839,10 @@ class GeoEditView(GeoFormMixin, UpdateView):
 kwargs = super(GeoEditView, self).get_form_kwargs()
 try:
 geo = models.GeoVectorData.objects.get(pk=self.kwargs.get("pk"))
- assert check_permission(self.request, "geo/edit", geo.pk)
- except (AssertionError, models.GeoVectorData.DoesNotExist):
+ except models.GeoVectorData.DoesNotExist:
+ raise Http404()
+
+ if not check_permission(self.request, "geo/edit", geo.pk):
 raise Http404()
 initial = {} |
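Review bot: In the QRCodeView hunk the object is fetched with `model.objects.get(pk=kwargs.get("pk"))` and then only tested with `hasattr(item, "qrcode")`, so the visible lines contain no object-level authorization comparable to the `check_permission(...)` calls in DocumentEditView and GeoEditView later in this diff. The method continues past the hunk, so such a check may exist further down; if it does not, it would belong directly after the `hasattr` test so that a logged-in user cannot retrieve QR codes for items they may not view. A one-line comment above the `hasattr` test, for example `# models without a qrcode field are reported as not found`, would also document why this is a 404 rather than a server error.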
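Review bot: Authorization for editing a document is enforced inside `get_form_kwargs`, so it only runs on code paths that build the form; enforcing it in `dispatch()` or `get_object()` would cover every handler of the view regardless of how the form is constructed. The GeoEditView hunk further down repeats the same lookup-then-check sequence line for line, so a shared helper on the form mixins would keep the two from drifting apart. If answering a denied request with 404 is meant to hide whether the object exists, a comment such as `# 404 rather than 403: do not reveal that the object exists` above the second `raise Http404()` would stop a later cleanup from changing it. `get_form_kwargs` starts and ends outside the hunk.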
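Review bot: A missing `model` attribute in `pre_dispatch` is a configuration error of the subclass, and `NotImplementedError` does not say so; Django's own generic views raise `ImproperlyConfigured` for this case, e.g. `raise ImproperlyConfigured(f"{self.__class__.__name__} must define a model.")`, which needs `from django.core.exceptions import ImproperlyConfigured` if the module does not already import it. On the unchanged line that follows, `int(pk)` raises `ValueError` for a non-numeric segment of `pks`, which becomes a 500 response unless the URL pattern already restricts the value to digits and dashes; catching it and raising `Http404()` would be consistent with the other views touched by this commit. `pre_dispatch` continues outside the hunk.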