bandit checker: mark false security issues - fix security issues (low severity)

1 files changed, 15 insertions, 10 deletions

diff --git a/ishtar_common/wizards.py b/ishtar_common/wizards.py
index 030bb4af2..8dcb16b70 100644
--- a/ishtar_common/wizards.py
+++ b/ishtar_common/wizards.py
@@ -587,9 +587,10 @@ class Wizard(IshtarWizard):
                         fields.pop("DELETE")
                     multi = len(fields) > 1
                     if multi:
-                        assert hasattr(frm, "base_model") or hasattr(
-                            frm, "base_models"
-                        ), "Must define a base_model(s) for " + str(frm.__class__)
+                        if not hasattr(frm, "base_model") and not hasattr(frm, "base_models"):
+                            raise NotImplementedError(
+                                f"Must define a base_model(s) for {frm.__class__}"
+                            )
                 for frm in form.forms:
                     if not frm.is_valid():
                         continue
@@ -703,7 +704,8 @@ class Wizard(IshtarWizard):
                 continue
 
             vals = k.split("__")
-            assert len(vals) == 2, "Only one level of dependant item is managed"
+            if len(vals) != 2:
+                raise NotImplementedError("Only one level of dependant item is managed")
             dependant_item, key = vals
             if dependant_item not in other_objs:
                 other_objs[dependant_item] = {}
@@ -906,9 +908,10 @@ class Wizard(IshtarWizard):
                         model = related_model.through
                     # not m2m -> foreign key
                     if not hasattr(related_model, "clear"):
-                        assert hasattr(
-                            model, "MAIN_ATTR"
-                        ), "Must define a MAIN_ATTR for " + str(model.__class__)
+                        if not hasattr(model, "MAIN_ATTR"):
+                            raise NotImplementedError(
+                                f"Must define a MAIN_ATTR for {model.__class__}."
+                            )
                         value[getattr(model, "MAIN_ATTR")] = obj
 
                     # check old links
@@ -1112,7 +1115,7 @@ class Wizard(IshtarWizard):
             idx = items[-2]
             try:
                 int(idx)
-            except:
+            except ValueError:
                 continue
             if items[-1] == "DELETE":
                 to_delete.add(idx)
@@ -1710,7 +1713,8 @@ class DeletionWizard(Wizard):
             hasattr(self, "model") and hasattr(self.model, "TABLE_COLS")
         ):
             self.fields = self.model.TABLE_COLS
-        assert self.model
+        if not self.model:
+            raise NotImplementedError("Missing model attribute")
         super(DeletionWizard, self).__init__(*args, **kwargs)
 
     def get_formated_datas(self, forms):
@@ -1785,7 +1789,8 @@ class MultipleDeletionWizard(MultipleItemWizard):
             hasattr(self, "model") and hasattr(self.model, "TABLE_COLS")
         ):
             self.fields = self.model.TABLE_COLS
-        assert self.model
+        if not self.model:
+            raise NotImplementedError("Missing model attribute")
         super(MultipleDeletionWizard, self).__init__(*args, **kwargs)
 
     def get_template_names(self):