From 367059ddef14a495e277f68ceaf3455c092f839d Mon Sep 17 00:00:00 2001 From: Étienne Loks Date: Tue, 11 Apr 2023 12:27:23 +0200 Subject: bandit checker: mark false security issues - fix security issues (low severity) --- ishtar_common/forms_common.py | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'ishtar_common/forms_common.py') diff --git a/ishtar_common/forms_common.py b/ishtar_common/forms_common.py index bcc5a28be..f031b280f 100644 --- a/ishtar_common/forms_common.py +++ b/ishtar_common/forms_common.py @@ -320,8 +320,9 @@ class NewImportForm(BaseImportForm): value = self.cleaned_data.get("imported_images_link", None) if value: try: - assert is_downloadable(value) - except (AssertionError, requests.exceptions.RequestException): + if not is_downloadable(value): + raise forms.ValidationError("") + except (requests.exceptions.RequestException, forms.ValidationError): raise forms.ValidationError( _("Invalid link or no file is available for this link.") ) @@ -378,18 +379,21 @@ class NewImportGISForm(BaseImportForm): if value: try: ext = value.name.lower().split(".")[-1] - assert ext in ("zip", "gpkg", "csv") + if ext not in ("zip", "gpkg", "csv"): + raise forms.ValidationError("") if ext == "zip": zip_file = zipfile.ZipFile(value) - assert not zip_file.testzip() + if zip_file.testzip(): + raise forms.ValidationError("") has_correct_file = False for name in zip_file.namelist(): in_ext = name.lower().split(".")[-1] if in_ext in ("shp", "gpkg"): has_correct_file = True break - assert has_correct_file - except AssertionError: + if not has_correct_file: + raise forms.ValidationError("") + except forms.ValidationError: raise forms.ValidationError( _("GIS file must be a zip containing a ShapeFile or GeoPackage file.") ) -- cgit v1.2.3