fix: bandit check fails

basxsoftwareassociation · Nov 6, 2021 · 02de7e1 · 02de7e1
1 parent e1acc92
commit 02de7e1
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/bread/utils/inheritancemanager.py b/bread/utils/inheritancemanager.py
@@ -211,7 +211,12 @@ def instance_of(self, *models):
                 + ")"
             )
 
-        return self.select_subclasses(*models).extra(where=[" OR ".join(where_queries)])
+        # the following line triggers a bandit SQL-injection error
+        # however, the generated SQL does not consider any user input
+        # and is generated soley from values from model._meta
+        return self.select_subclasses(*models).extra(  # nosec
+            where=[" OR ".join(where_queries)]
+        )
 
 
 class InheritanceManagerMixin: