From 367059ddef14a495e277f68ceaf3455c092f839d Mon Sep 17 00:00:00 2001
From: Étienne Loks <etienne.loks@iggdrasil.net>
Date: Tue, 11 Apr 2023 12:27:23 +0200
Subject: bandit checker: mark false security issues - fix security issues (low
 severity)

---
 ishtar_common/models_common.py | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

(limited to 'ishtar_common/models_common.py')

diff --git a/ishtar_common/models_common.py b/ishtar_common/models_common.py
index fd12f19be..1e6da2b7d 100644
--- a/ishtar_common/models_common.py
+++ b/ishtar_common/models_common.py
@@ -1356,10 +1356,11 @@ class HistoricalRecords(BaseHistoricalRecords):
     def create_historical_record(self, instance, history_type, using=None):
         try:
             history_modifier = getattr(instance, "history_modifier", None)
-            assert history_modifier
-        except (User.DoesNotExist, AssertionError):
+        except User.DoesNotExist:
             # on batch removing of users, user could have disappeared
             return
+        if not history_modifier:
+            return
         history_date = getattr(instance, "_history_date", datetime.datetime.now())
         history_change_reason = getattr(instance, "changeReason", None)
         force = getattr(instance, "_force_history", False)
@@ -1550,7 +1551,8 @@ class BaseHistorizedItem(
         """
         Get a "step" previous state of the item
         """
-        assert step or date
+        if not step and not date:
+            raise AttributeError("Need to provide step or date")
         historized = self.history.all()
         item = None
         if step:
@@ -1720,7 +1722,8 @@ class BaseHistorizedItem(
                 or not self.last_modified:
             self.last_modified = datetime.datetime.now()
         if not getattr(self, "skip_history_when_saving", False):
-            assert hasattr(self, "history_modifier")
+            if not hasattr(self, "history_modifier"):
+                raise NotImplementedError("Should have a history_modifier field.")
             if created:
                 self.history_creator = self.history_modifier
         # external ID can have related item not available before save
@@ -3751,7 +3754,8 @@ class QuickAction:
         self.target = target
         self.module = module
         self.is_popup = is_popup
-        assert self.target in ("one", "many", None)
+        if self.target not in ("one", "many", None):
+            raise AttributeError("target must be one, many or None")
 
     def is_available(self, user, session=None, obj=None):
         if self.module and not getattr(get_current_profile(), self.module):
-- 
cgit v1.2.3