diff roundup/backends/rdbms_common.py @ 6002:3175bb92ca28

Cleanups for bandit. Set bandit to ignore use of md5. Treat schema from database as trusted to eval. We wrote it based on the schema.py file. Replace some bare except: with a proper exception. mode 775 for index directory is correct. Allows indices to be written by email and web interfaces that run as different users but can have the roundup group in common.
author John Rouillard <rouilj@ieee.org>
date Thu, 26 Dec 2019 21:44:50 -0500
parents acc4a128ab9b
children 1ec4aa670b0c
--- a/roundup/backends/rdbms_common.py	Thu Dec 26 21:17:48 2019 -0500
+++ b/roundup/backends/rdbms_common.py	Thu Dec 26 21:44:50 2019 -0500
@@ -80,7 +80,7 @@
     num = str(num)
     try:
         return int(num)
-    except:
+    except ValueError:
         return float(num)
 
 def _bool_cvt(value):
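Review bot: `float(num)` inside the new `except ValueError:` body can itself raise ValueError, so non-numeric input now surfaces as an unhandled ValueError thrown from the handler; that is the right outcome (since `num` is already a str, `int()` could only ever raise ValueError, so the bare except was masking nothing useful in practice), but it is an implicit contract worth stating on the function, whose signature is above the hunk: `"""Convert num to int, falling back to float; raises ValueError for non-numeric text."""`. Bear in mind that float() also accepts 'nan', 'inf' and 'infinity', so those strings convert rather than being rejected; if any caller passes user-supplied text, a one-line comment saying that is expected would help the next reader.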
@@ -273,7 +273,8 @@
         self.cursor.execute('select schema from schema')
         schema = self.cursor.fetchone()
         if schema:
-            self.database_schema = eval(schema[0])
+            # bandit - schema is trusted
+            self.database_schema = eval(schema[0])  # nosec
         else:
             self.database_schema = {}
 
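Review bot: The `# nosec` on the new line suppresses the finding without recording the trust boundary, and the comment above it ("schema is trusted") only restates the suppression. eval() of a value read back from the `schema` table means whoever can write that table can run code in the tracker process (a compromised database account, a tampered dump restored into it), so the comment should say why that is accepted: `# nosec: the schema row is only ever written by this backend from repr() of its own dict; anyone able to alter it already controls the database`. If the stored text is the repr() of plain dicts, lists, tuples, strings and numbers — which the commit message suggests but the hunk does not show — `self.database_schema = ast.literal_eval(schema[0])` (with `import ast` at module level) would read it back with no code-execution surface and the suppression could go away entirely. The enclosing method starts above the hunk.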
@@ -672,7 +673,7 @@
             on _%s(__retired__, _%s)'''%(cn, cn, key)
         try:
             self.sql(sql)
-        except Exception:
+        except Exception:  # nosec
             # XXX catch e.g.:
             # _sqlite.DatabaseError: index _status_key_retired_idx already exists
             pass
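Review bot: The added `# nosec` silences bandit's try/except/pass finding but leaves the swallow itself unchanged: any failure of `self.sql(sql)` — a permissions error, a full disk, a malformed statement — is discarded together with the "index already exists" case the XXX comment has in mind, so index creation can fail silently and the lookups the index serves run unindexed with no trace in the logs. At minimum record what was caught so the suppression is justified, e.g. `except Exception as e:  # nosec - index may already exist` followed by a debug-level log of `e` through whatever logger the module uses (none is visible in this hunk), and ideally narrow the except to the backend's database error class once the already-exists case is confirmed to be the only expected one. The enclosing method and the construction of `sql` start above the hunk.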
@@ -3117,7 +3118,7 @@
                 # calculation of the object.
                 return ('%s%s is not text, retrieve using '
                         'binary_content property. mdsum: %s')%(self.classname,
-                   nodeid, md5(self.db.getfile(self.classname, nodeid, None)).hexdigest())
+                   nodeid, md5(self.db.getfile(self.classname, nodeid, None)).hexdigest())  # nosec - bandit md5 use ok
         elif propname == 'binary_content':
             return self.db.getfile(self.classname, nodeid, None)
 
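Review bot: The new trailing comment says the md5 use is OK but not why, which is the one thing a later reader auditing hash usage needs; the digest here is a content fingerprint embedded in a human-readable message, not an integrity or authentication check, so say so: `# nosec - md5 is a display-only fingerprint of the file content, not a security check`. If the project can rely on Python 3.9+, `hashlib.md5(..., usedforsecurity=False)` expresses the same intent to the interpreter (and to FIPS-restricted builds) and makes the bandit suppression unnecessary; whether `md5` here is hashlib's or a compatibility shim is not visible in the hunk. The enclosing method starts above the hunk.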
