Improper use of assert statement
Description
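The application uses `assert` in non-test code. When Python code is compiled to optimized byte code (for example, when the interpreter is run with `-O`), `assert` statements are removed, so any check that relies on them no longer runs. This can lead to undefined behavior or application crashes.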
Examples
Insecure Code
```python
assert user.is_authenticated(), "user must be authenticated"
```
Secure Code
```python
try:
    if not user.is_authenticated():
        raise AuthError("user must be authenticated")
except AuthError as e:
    # Handle error
    # ...
    # Return, do not continue processing
    return
```
Remediation
Remove `assert` statements and replace them with `if` conditions or `try/except` blocks if necessary.
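The following added example (not part of the original rule page) compiles the same two guards with and without optimization and calls them with an unauthenticated user, showing that only the explicit `if` check survives optimized compilation. The `User` class, `AuthError`, and the function names `guard_with_assert`, `guard_with_if` and `run_guards` are constructed for this demonstration.

```python
# Added example: how optimized compilation (as with `python -O`) strips assert checks.
# User, AuthError and both guard functions are constructed for this demo.

SOURCE = '''
class AuthError(Exception):
    pass

class User:
    def __init__(self, authenticated):
        self._authenticated = authenticated
    def is_authenticated(self):
        return self._authenticated

def guard_with_assert(user):
    assert user.is_authenticated(), "user must be authenticated"
    return "sensitive data"

def guard_with_if(user):
    if not user.is_authenticated():
        raise AuthError("user must be authenticated")
    return "sensitive data"
'''

def run_guards(optimize):
    """Compile SOURCE at the given optimization level and call both guards
    with an unauthenticated user. Returns {guard_name: outcome}."""
    namespace = {}
    # optimize=0 matches plain `python`; optimize=1 matches `python -O`.
    code = compile(SOURCE, "<demo>", "exec", optimize=optimize)
    exec(code, namespace)
    anonymous = namespace["User"](authenticated=False)
    results = {}
    for name in ("guard_with_assert", "guard_with_if"):
        try:
            namespace[name](anonymous)
            results[name] = "allowed"
        except AssertionError:
            results[name] = "blocked (AssertionError)"
        except namespace["AuthError"]:
            results[name] = "blocked (AuthError)"
    return results

if __name__ == "__main__":
    for level in (0, 1):
        print(f"optimize={level}: {run_guards(level)}")
```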
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0112 |
| Category | ErrorHandling |
| Severity | LOW |
| CWE | CWE-754 |
| Confidence | HIGH |
| Impact | LOW |
| Likelihood | LOW |
| Exploitability | COMPLEX |
| Tags | assert, python |
| OWASP | A6:2017-Security Misconfiguration, A05:2021-Security Misconfiguration |