From 367059ddef14a495e277f68ceaf3455c092f839d Mon Sep 17 00:00:00 2001 From: Étienne Loks Date: Tue, 11 Apr 2023 12:27:23 +0200 Subject: bandit checker: mark false security issues - fix security issues (low severity) --- archaeological_operations/models.py | 2 +- archaeological_operations/tests.py | 25 ++++++++++++++++--------- archaeological_operations/utils.py | 7 +++---- 3 files changed, 20 insertions(+), 14 deletions(-) (limited to 'archaeological_operations') diff --git a/archaeological_operations/models.py b/archaeological_operations/models.py index ee2023f5c..57fc4676f 100644 --- a/archaeological_operations/models.py +++ b/archaeological_operations/models.py @@ -3005,7 +3005,7 @@ class AdministrativeAct(DocumentItem, BaseHistorizedItem, OwnPerms, ValueGetter) else: try: self._get_index() - except: + except ValidationError: pass super(AdministrativeAct, self).save(*args, **kwargs) if hasattr(self, "associated_file") and self.associated_file: diff --git a/archaeological_operations/tests.py b/archaeological_operations/tests.py index 8d134e519..605f4e46f 100644 --- a/archaeological_operations/tests.py +++ b/archaeological_operations/tests.py @@ -19,7 +19,8 @@ from bs4 import BeautifulSoup import json import datetime -from subprocess import Popen, PIPE +# nosec: call an explicit bin for testing purpose +from subprocess import Popen, PIPE # nosec from io import BytesIO import tempfile import locale @@ -113,7 +114,8 @@ from ishtar_common.serializers import restore_serialized class FileInit(object): def login_as_superuser(self): - self.client.login(username="username", password="tralala") + # nosec: hard coded password for test purposes + self.client.login(username="username", password="tralala") # nosec def create_file(self): self.extra_models, self.model_list = {}, [] 
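Review bot: In `archaeological_operations/models.py` (hunk `@@ -3005`), the narrowed `except ValidationError:` only works if `ValidationError` is already imported in this module. The diffstat shows a single changed line in the file, so this commit adds no import. If the name is not in scope, an exception raised by `self._get_index()` would surface as a `NameError` inside `save()`, which is worth confirming. The handler still discards the error silently, so a comment such as `# _get_index() failure is non-fatal: save without an index` would record the intent. The enclosing `save()` method starts and ends outside the hunk.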
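Review bot: In `archaeological_operations/tests.py` (hunk `@@ -19`), the bare `# nosec` on the `subprocess` import silences every Bandit check on that line, not only the one being acknowledged. Bandit accepts test IDs after the marker, so `from subprocess import Popen, PIPE  # nosec B404` keeps the suppression scoped and self-documenting. The same applies to the bare markers added in hunks `@@ -113`, `@@ -1659`, `@@ -2840` and `@@ -3314`, where the finding is presumably B106 for the hard-coded test passwords; the Bandit report itself is not shown on this page. An unscoped marker would also hide any new finding that later appears on the same line.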
@@ -1659,7 +1661,8 @@ class ParcelTest(ImportTest, TestCase): ) def init_operation_parcels_tests(self): - username, password, user = create_user( + # nosec: hard coded password for test purposes + username, password, user = create_user( # nosec username="Gandalf", password="ushallpass" ) user.user_permissions.add( @@ -1980,10 +1983,11 @@ class OperationInitTest(object): def tearDown(self): # cleanup for further test + # nosec: quick and dirty cleanup do not care to catch exceptions if hasattr(self, "user"): try: self.user.delete() - except: + except: # nosec pass self.user = None # all try/except is necessary for bad migrations on main... @@ -1992,14 +1996,14 @@ class OperationInitTest(object): for ope in self.operations: try: ope.delete() - except: + except: # nosec pass self.operations = [] if hasattr(self, "parcels"): for p in self.parcels: try: p.delete() - except: + except: # nosec pass self.parcels = [] @@ -2347,8 +2351,9 @@ class OperationTest(TestCase, OperationInitTest): ) self.assertEqual(response.status_code, 200) f = BytesIO(response.content) + # nosec: call an explicit bin for testing purpose filetype = ( - Popen("/usr/bin/file -b --mime -", shell=True, stdout=PIPE, stdin=PIPE) + Popen("/usr/bin/file -b --mime -", shell=True, stdout=PIPE, stdin=PIPE) # nosec .communicate(f.read(1024))[0] .strip() ) @@ -2840,7 +2845,8 @@ class OperationSearchTest(TestCase, OperationInitTest, SearchText): self.alt_user.user_permissions.add( Permission.objects.get(codename="change_own_operation") ) - self.alt_username2, self.alt_password2, self.alt_user2 = create_user( + # nosec: hard coded password for test purposes + self.alt_username2, self.alt_password2, self.alt_user2 = create_user( # nosec username="luke", password="iamyourfather" ) profile = UserProfile.objects.create( 
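Review bot: In `OperationInitTest.tearDown` (hunks `@@ -1980` and `@@ -1992`), the three `except:  # nosec` clauses are still bare, so they also swallow `KeyboardInterrupt` and `SystemExit` during cleanup. `except Exception:  # nosec B110` keeps the best-effort delete, lets interrupts through, and scopes the suppression to the try/except/pass finding. The method spans both hunks and may continue outside them.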
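Review bot: In hunk `@@ -2347`, the `Popen("/usr/bin/file -b --mime -", shell=True, ...)  # nosec` call suppresses the shell finding instead of removing it. The command is a constant string, so no shell is needed. Passing an argument list, `Popen(["/usr/bin/file", "-b", "--mime", "-"], stdout=PIPE, stdin=PIPE)`, should behave the same for this test and drops `shell=True` entirely. That avoids leaving a copy-paste template with `shell=True` and a blanket suppression in the code base. The enclosing test method starts and ends outside the hunk.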
@@ -3314,7 +3320,8 @@ class OperationPermissionTest(TestCase, OperationInitTest): self.alt_user.user_permissions.add( Permission.objects.get(codename="change_own_operation") ) - self.alt_username2, self.alt_password2, self.alt_user2 = create_user( + # nosec: hard coded password for test purposes + self.alt_username2, self.alt_password2, self.alt_user2 = create_user( # nosec username="luke", password="iamyourfather" ) profile_type = ProfileType.objects.get(txt_idx="collaborator") diff --git a/archaeological_operations/utils.py b/archaeological_operations/utils.py index ba4f17358..a571228b8 100644 --- a/archaeological_operations/utils.py +++ b/archaeological_operations/utils.py @@ -460,11 +460,11 @@ def parse_insee(value): for value in values: try: town = Town.objects.get(numero_insee=value) - towns.append(town) - except: + except Town.DoesNotExist: # sys.stderr.write('Numero INSEE : %s non existant en base' # % value) continue + towns.append(town) return towns @@ -482,8 +482,7 @@ def parse_parcels(parcel_str, insee_code=None, owner=None): if insee_code: town = parse_insee(insee_code) # manage only one town at a time - assert len(town) < 2 - if not town: + if len(town) >= 2 or not town: return parcels town = town[0] m = PARCEL_YEAR_REGEXP.match(parcel_str) -- cgit v1.2.3
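Review bot: In `parse_insee` (hunk `@@ -460`), `Town.objects.get(numero_insee=value)` can also raise `Town.MultipleObjectsReturned`, which the old bare `except` skipped and the new `except Town.DoesNotExist:` lets propagate. If `numero_insee` is not unique on `Town` (the model is not visible here), an input that used to be skipped will now abort the caller. Either catch it explicitly with `except (Town.DoesNotExist, Town.MultipleObjectsReturned):`, or let it raise on purpose and say so in a comment. The function starts outside the hunk.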
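Review bot: In `parse_parcels` (hunk `@@ -482`), replacing `assert len(town) < 2` with an early return changes the failure mode. An INSEE code that resolves to several towns used to raise; it now returns `parcels` as built so far (presumably empty), which is indistinguishable from "no town found". If that is intended, a comment such as `# ambiguous or unknown INSEE code: no parcels` would record it; otherwise an explicit `raise ValueError(...)` for the ambiguous case keeps it visible. The condition can also be written as `if len(town) != 1:`. The function body continues outside the hunk.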