From 02de7e1bc499dc1fa4b58166cd24a98aebe6bf72 Mon Sep 17 00:00:00 2001
From: Sam
Date: Sat, 6 Nov 2021 14:31:18 +0700
Subject: [PATCH] fix: bandit check fails
---
 bread/utils/inheritancemanager.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/bread/utils/inheritancemanager.py b/bread/utils/inheritancemanager.py
index 0e926db8..6da9b43a 100644
--- a/bread/utils/inheritancemanager.py
+++ b/bread/utils/inheritancemanager.py
@@ -211,7 +211,12 @@ def instance_of(self, *models):
 + ")"
 )
- return self.select_subclasses(*models).extra(where=[" OR ".join(where_queries)])
+ # the following line triggers a bandit SQL-injection error
+ # however, the generated SQL does not consider any user input
+ # and is generated soley from values from model._meta
+ return self.select_subclasses(*models).extra( # nosec
+ where=[" OR ".join(where_queries)]
+ )
 class InheritanceManagerMixin:
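Review bot: The bare `# nosec` on the new `.extra(` line silences every bandit check on that line, not only the SQL-injection finding the comment describes. If the bandit version in use supports test IDs, scope it to the one from the failing report, e.g. `.extra(  # nosec B610` (B610 is bandit's Django `extra()` check; confirm the ID against the actual output). The claim that `where_queries` comes solely from `model._meta` cannot be checked from this hunk, because the body of `instance_of` starts above it. It holds only while `models` never carries caller-controlled strings, so that precondition is worth stating in the comment or the docstring. In the same comment, "soley" should read "solely".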