From 367059ddef14a495e277f68ceaf3455c092f839d Mon Sep 17 00:00:00 2001
From: Étienne Loks
Date: Tue, 11 Apr 2023 12:27:23 +0200
Subject: bandit checker: mark false security issues - fix security issues (low severity)
---
 ishtar_common/data_importer.py | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)
(limited to 'ishtar_common/data_importer.py')
diff --git a/ishtar_common/data_importer.py b/ishtar_common/data_importer.py
index ae3c8387a..796a75699 100644
--- a/ishtar_common/data_importer.py
+++ b/ishtar_common/data_importer.py
@@ -371,8 +371,9 @@ class YearFormater(Formater):
 return
 try:
 value = int(value)
- assert value > 0 and value < (datetime.date.today().year + 30)
- except (ValueError, AssertionError):
+ if value <= 0 or value > (datetime.date.today().year + 30):
+ raise ValueError()
+ except ValueError:
 raise ValueError(_('"%(value)s" is not a valid date') % {"value": value})
 return value
@@ -384,8 +385,9 @@ class YearNoFuturFormater(Formater):
 return
 try:
 value = int(value)
- assert value > 0 and value < datetime.date.today().year
- except (ValueError, AssertionError):
+ if value <= 0 or value > datetime.date.today().year:
+ raise ValueError()
+ except ValueError:
 raise ValueError(_('"%(value)s" is not a valid date') % {"value": value})
 return value
@@ -674,7 +676,7 @@ class DateFormater(Formater):
 for date_format in self.date_formats:
 try:
 return datetime.datetime.strptime(value, date_format).date()
- except:
+ except ValueError:
 continue
 raise ValueError(_('"%(value)s" is not a valid date') % {"value": value})
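Review bot: The rewritten range checks in YearFormater (hunk at -371) and YearNoFuturFormater (hunk at -384) do not accept the same values as the asserts they replace: the old code required `value < today.year + 30` and `value < today.year`, while the new code rejects only `value > ...`, so the boundary year itself is now accepted. For YearNoFuturFormater this means the current year passes where it was previously refused, which may well be intended but is not mentioned in the commit message. If it is intended, a comment such as `# the current year is allowed; only future years are rejected` would make that explicit; otherwise use `>=` to keep the old bound. Both method bodies start outside their hunks.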
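Review bot: Narrowing the handler in the DateFormater loop (hunk at -674) to `except ValueError:` lets a `TypeError` from `strptime` escape when `value` is not a string, where the bare `except` used to fall through to the translated "not a valid date" error. The hunk does not show how `value` is normalised earlier in the method, so this matters only if a non-string cell can reach this point. If it can, `except (ValueError, TypeError):` keeps the handler narrow while preserving the user-facing error. The method starts outside the hunk.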
@@ -1013,7 +1015,8 @@ class Importer(object):
 self.current_csv_line = None
 self.conservative_import = conservative_import
 # for a conservative_import UNICITY_KEYS should be defined
- assert not self.conservative_import or bool(self.UNICITY_KEYS)
+ if self.conservative_import and not bool(self.UNICITY_KEYS):
+ raise ValueError("A conservative import should have unicity key defined")
 self.DB_TARGETS = {}
 self.match_table = {}
 self.concats = set()
@@ -1097,7 +1100,8 @@ class Importer(object):
 (further exploitation by web interface)
 - user: associated user
 """
- assert output in ("silent", "cli", "db")
+ if output not in ("silent", "cli", "db"):
+ raise ValueError("initialize called with a bad output option")
 vals = []
 for idx_line, line in enumerate(table):
 if self.skip_lines > idx_line:
@@ -1356,7 +1360,8 @@ class Importer(object):
 for idx_col, val in enumerate(line):
 try:
 self._row_processing(c_row, idx_col, idx_line, val, data)
- except:
+ # nosec: no catch to force continue processing of lines
+ except: # nosec
 pass
 self.validity.append(c_row)
@@ -2288,8 +2293,8 @@ class Importer(object):
 target_name = field.name
 elif rel_model == obj.__class__:
 item_name = field.name
- assert target_name is not None
- assert item_name is not None
+ if target_name is None or item_name is None:
+ raise IntegrityError(f"Configuration error for attribute {attr}.")
 inter_model.objects.get_or_create(
 **{item_name: obj, target_name: v}
 )
--
cgit v1.2.3
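Review bot: In the Importer hunk at -1013, `not bool(self.UNICITY_KEYS)` is redundant because `not` already evaluates truthiness; `if self.conservative_import and not self.UNICITY_KEYS:` reads more directly. The new message is also a plain string, while the formatter errors earlier in this file go through `_()`; if this error can reach a user, wrapping it the same way would keep messages consistent. The enclosing method, presumably the constructor, extends beyond the hunk.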
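Review bot: The ValueError raised for a bad `output` (hunk at -1097) names neither the rejected value nor the accepted ones, so whoever hits it has to open the source to see what went wrong. Something like `raise ValueError(f"output must be 'silent', 'cli' or 'db', got {output!r}")` enforces the same contract with a usable message. The method signature and the rest of its body are outside the hunk.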
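Review bot: The handler in the hunk at -1356 is still a bare `except:` followed by `pass`, and the unscoped `# nosec` silences every Bandit check on that line rather than only the try/except/pass finding. A bare `except` also swallows `KeyboardInterrupt` and `SystemExit`, and any failure inside `_row_processing` disappears without a trace unless that method records it itself, which is not visible here. I would write `except Exception:  # nosec B110` and log the exception with the line and column index, so that rows skipped because of a bug can be told apart from rows rejected for bad data. The enclosing method starts and ends outside the hunk.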
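Review bot: `IntegrityError` is raised in the hunk at -2288 for a configuration problem, and no hunk shown for this file adds an import for it, so the raise works only if the name is already imported in data_importer.py; otherwise this error path becomes a `NameError`. Assuming it is Django's database exception, callers that catch `IntegrityError` to handle constraint violations would also absorb this misconfiguration. A `ValueError`, as used in the other hunks, or Django's `ImproperlyConfigured` (which would need its own import) would keep the two cases apart. `attr` is likewise defined outside the hunk, as is the start of the method.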