-rw-r--r--Makefile.example40
-rw-r--r--archaeological_finds/views_api.py3
-rw-r--r--ishtar_common/data_importer.py2
-rw-r--r--ishtar_common/ignf_utils.py3
-rw-r--r--ishtar_common/utils.py3
5 files changed, 16 insertions, 35 deletions
diff --git a/Makefile.example b/Makefile.example
index 385054b0d..59b7b3b8e 100644
--- a/Makefile.example
+++ b/Makefile.example
@@ -135,6 +135,12 @@ pylint:
pylint "$(CURDIR)/$$DIR" --ignore=.git,migrations --max-public-methods=50 --ignored-classes=Item.Meta --method-rgx='[a-z_][a-z0-9_]{2,40}$$'; \
done
+bandit: ## audit for security with bandit tool
+ bandit -r -s B322 -n 3 ishtar_common/ archaeological_context_records/ archaeological_files archaeological_finds/ archaeological_operations/ archaeological_warehouse/ example_project/
+
+bandit_no_marksafe: ## audit for security with bandit tool
+ bandit -r -s B322,B308,B703 -n 3 ishtar_common/ archaeological_context_records/ archaeological_files archaeological_finds/ archaeological_operations/ archaeological_warehouse/ example_project/
+
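Review bot: The directory list is repeated verbatim in both recipes and the help text is identical for `bandit` and `bandit_no_marksafe`, so `make help` cannot tell a reader that the second target additionally suppresses the mark_safe checks B308 and B703. Hoisting the list into one variable keeps the two audits in sync (note `archaeological_files` is the only entry without a trailing slash, which is harmless for `-r` but looks like a typo), and the `##` comment should say what is skipped. If the file does not already declare these names phony (not visible in the hunk), a file named `bandit` would silently stop the audit from running. The pylint target above starts outside the hunk.
```make
BANDIT_DIRS := ishtar_common/ archaeological_context_records/ archaeological_files/ archaeological_finds/ archaeological_operations/ archaeological_warehouse/ example_project/

.PHONY: bandit bandit_no_marksafe
bandit: ## audit for security with bandit tool (skips B322, py2 input())
	bandit -r -s B322 -n 3 $(BANDIT_DIRS)

bandit_no_marksafe: ## same audit, additionally skipping mark_safe checks (B308, B703)
	bandit -r -s B322,B308,B703 -n 3 $(BANDIT_DIRS)
```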
##@ Development: run
shell: ## launch shell
@@ -143,6 +149,9 @@ shell: ## launch shell
run: ## run test server
cd $(project); $(PYTHON) manage.py runserver 0.0.0.0:8000
+runalt: ## run test server on port 9000
+ cd $(project); $(PYTHON) manage.py runserver 0.0.0.0:9000
+
runcelery: ## run a celery worker
celery -A example_project worker -l INFO
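Review bot: The `runalt` recipe chains `cd $(project)` with `;`, so if the directory does not exist the shell still runs `manage.py runserver` from the wrong directory; `&&` stops on the failed `cd` (the existing `run` target has the same weakness, inherited here rather than introduced). The port 9000 is also hard-coded, duplicating the `run` target for a single number; a `ALT_PORT ?= 9000` variable and `cd $(project) && $(PYTHON) manage.py runserver 0.0.0.0:$(ALT_PORT)` would let users pick a port from the command line. Binding to `0.0.0.0` makes the development server reachable from every interface on the machine, which is fine for a documented example but worth a `## … (listens on all interfaces)` mention in the help text so nobody leaves it running on a shared host by accident.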
@@ -321,34 +330,3 @@ sass:
sass_watch:
./node_modules/node-sass/bin/node-sass --watch scss/custom.scss --output-style compressed > ishtar_common/static/bootstrap/bootstrap.css
-transition_migrate:
- cd $(project); \
- $(PYTHON) manage.py migrate ishtar_common 0117 ; \
- $(PYTHON) manage.py migrate archaeological_files 0024 ; \
- $(PYTHON) manage.py migrate archaeological_operations 0075 ; \
- $(PYTHON) manage.py migrate archaeological_context_records 0056 ; \
- $(PYTHON) manage.py migrate archaeological_finds 0080 ; \
- $(PYTHON) manage.py migrate archaeological_warehouse 0044 ; \
- $(PYTHON) manage.py migrate --fake ishtar_common 0201 ; \
- $(PYTHON) manage.py migrate --fake archaeological_files 0101 ; \
- $(PYTHON) manage.py migrate --fake archaeological_operations 0102 ; \
- $(PYTHON) manage.py migrate --fake archaeological_context_records 0102 ; \
- $(PYTHON) manage.py migrate --fake archaeological_finds 0102 ; \
- $(PYTHON) manage.py migrate --fake archaeological_warehouse 0101 ;
-
-new_migration:
- cd $(project); \
- $(PYTHON) manage.py migrate contenttypes ; \
- $(PYTHON) manage.py migrate admin ; \
- $(PYTHON) manage.py migrate auth ; \
- $(PYTHON) manage.py migrate authtoken ; \
- $(PYTHON) manage.py migrate registration ; \
- $(PYTHON) manage.py migrate sessions ; \
- $(PYTHON) manage.py migrate sites ; \
- $(PYTHON) manage.py migrate --fake ishtar_common 0117 ; \
- $(PYTHON) manage.py migrate --fake archaeological_files 0024 ; \
- $(PYTHON) manage.py migrate --fake archaeological_operations 0075 ; \
- $(PYTHON) manage.py migrate --fake archaeological_context_records 0056 ; \
- $(PYTHON) manage.py migrate --fake archaeological_finds 0080 ; \
- $(PYTHON) manage.py migrate --fake archaeological_warehouse 0044 ; \
- $(PYTHON) manage.py migrate ;
diff --git a/archaeological_finds/views_api.py b/archaeological_finds/views_api.py
index 4302fbd89..8bea74eb7 100644
--- a/archaeological_finds/views_api.py
+++ b/archaeological_finds/views_api.py
@@ -32,7 +32,8 @@ class PublicFindAPI(APIView):
)
ordering = "CASE {} END".format(clauses)
- return models.Find.objects.filter(id__in=id_list).extra(
+ # nosec: extra clauses uses only find id from a FindBasket query no injection possible
+ return models.Find.objects.filter(id__in=id_list).extra( # nosec
select={"ordering": ordering}, order_by=("ordering",)
)
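Review bot: The bare `# nosec` on the `.extra(` line suppresses every bandit finding on that statement, not just the `extra()` warning; writing `# nosec B610` limits the suppression to the django_extra_used check so a later, unrelated finding on the same line is still reported. The justification should also be verifiable from the code it annotates: `ordering` is interpolated into SQL via `"CASE {} END".format(clauses)` on the line above, and the safety claim rests on `clauses` being built solely from integer ids, which is not visible in the hunk (the enclosing `get`/`post` method of `PublicFindAPI` starts outside it); an `assert all(isinstance(i, int) for i in id_list)` or an explicit `int()` cast where `clauses` is built would make the comment true by construction rather than by convention. The standalone `# nosec:` comment line has no effect on bandit itself, so the explanation can simply live in the trailing comment: `.extra(  # nosec B610 - ordering built only from integer ids`.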
diff --git a/ishtar_common/data_importer.py b/ishtar_common/data_importer.py
index d63004849..ae3c8387a 100644
--- a/ishtar_common/data_importer.py
+++ b/ishtar_common/data_importer.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Copyright (C) 2013-2017 Étienne Loks <etienne.loks_AT_peacefrogsDOTnet>
diff --git a/ishtar_common/ignf_utils.py b/ishtar_common/ignf_utils.py
index 2f167299c..94429d458 100644
--- a/ishtar_common/ignf_utils.py
+++ b/ishtar_common/ignf_utils.py
@@ -160,7 +160,8 @@ IGNF = {
def extract_from_csv(filename):
- tree = ET.parse(filename)
+ # nosec: parsing only used by programmer to generate previous dict from a trusted source
+ tree = ET.parse(filename) # nosec
root = tree.getroot()
ns = "{http://www.isotc211.org/2005/gmx}"
ns_gml = "{http://www.opengis.net/gml}"
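Review bot: `# nosec` on `ET.parse(filename)` silences every bandit check on that line; `# nosec B314` names the ElementTree-parse check being accepted and keeps any other finding visible. The trust assumption ("only used by programmer … from a trusted source") belongs in the function's docstring rather than in a comment, since `extract_from_csv` is a public module-level function and nothing in its signature stops it being called on an untrusted upload; a docstring such as `"""Build the IGNF dict from a trusted local XML export; never call on user-supplied files (xml.etree is not hardened against entity expansion)."""` documents the contract to future callers. The function name says csv while the body parses XML, which is worth either a rename or a sentence in that docstring; the rest of the function continues past the hunk.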
diff --git a/ishtar_common/utils.py b/ishtar_common/utils.py
index 3a3c53853..91591e0b2 100644
--- a/ishtar_common/utils.py
+++ b/ishtar_common/utils.py
@@ -399,7 +399,8 @@ def get_cache(cls, extra_args=tuple(), app_label=None):
):
cls._add_cache_key_to_refresh(extra_args)
if len(cache_key) >= 250:
- m = hashlib.md5()
+ # nosec: used for a cache key no consequence if predictable
+ m = hashlib.md5() # nosec
m.update(cache_key)
cache_key = m.hexdigest()
return cache_key, cache.get(cache_key)
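Review bot: The MD5 call can state its non-security purpose to the interpreter instead of only to bandit: on Python 3.9+ `m = hashlib.md5(usedforsecurity=False)` is the idiomatic form, bandit's B324 check honours that flag, and the comment then documents rather than suppresses. If older interpreters must still be supported (the commit's shebang change to python3 suggests a py3-only target, but the minimum version is not visible here), keep the comment but narrow it to `# nosec B324` (B303 on older bandit releases) so unrelated findings on that line are not hidden. `m.update(cache_key)` requires bytes, and the assignment two lines later turns `cache_key` into the hexdigest `str`, so the branch changes the type of the returned key; a one-line comment noting that `cache_key` is expected to be bytes on entry — assuming that is true for all callers, which the hunk does not show — would save the next reader a trip to the call sites. `get_cache` starts before the hunk.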