Mon, 08 Jun 2020 20:08:27 +0200
Code Style Checker: continued to implement checker for security related issues.
7612
ca1ce1e0fcff
Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
1 | # -*- coding: utf-8 -*- |
ca1ce1e0fcff
Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
2 | |
ca1ce1e0fcff
Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
3 | # Copyright (c) 2020 Detlev Offenbach <detlev@die-offenbachs.de> |
ca1ce1e0fcff
Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
4 | # |
ca1ce1e0fcff
Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
5 | |
ca1ce1e0fcff
Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
6 | |
ca1ce1e0fcff
Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
7 | """ |
7613
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
8 | Module implementing message translations for the code style plugin messages |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
9 | (security part). |
7612
ca1ce1e0fcff
Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
10 | """ |
ca1ce1e0fcff
Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
11 | |
ca1ce1e0fcff
Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
12 | from PyQt5.QtCore import QCoreApplication |
ca1ce1e0fcff
Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
13 | |
7613
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
14 | _securityMessages = { |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
15 | # assert used |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
16 | "S101": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
17 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
18 | "Use of assert detected. The enclosed code will be removed when" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
19 | " compiling to optimised byte code."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
20 | |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
21 | # flask app |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
22 | "S201": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
23 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
24 | "A Flask app appears to be run with debug=True, which exposes the" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
25 | " Werkzeug debugger and allows the execution of arbitrary code."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
26 | |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
27 | # blacklisted calls |
7612
ca1ce1e0fcff
Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
28 | "S301": QCoreApplication.translate( |
ca1ce1e0fcff
Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
29 | "Security", |
ca1ce1e0fcff
Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
30 | "Pickle and modules that wrap it can be unsafe when used to " |
ca1ce1e0fcff
Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
31 | "deserialize untrusted data, possible security issue."), |
ca1ce1e0fcff
Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
32 | "S302": QCoreApplication.translate( |
ca1ce1e0fcff
Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
33 | "Security", |
ca1ce1e0fcff
Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
34 | "Deserialization with the marshal module is possibly dangerous."), |
ca1ce1e0fcff
Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
35 | "S303": QCoreApplication.translate( |
ca1ce1e0fcff
Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
36 | "Security", |
ca1ce1e0fcff
Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
37 | "Use of insecure MD2, MD4, MD5, or SHA1 hash function."), |
7613
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
38 | "S304": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
39 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
40 | "Use of insecure cipher '{0}'. Replace with a known secure cipher" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
41 | " such as AES."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
42 | "S305": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
43 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
44 | "Use of insecure cipher mode '{0}'."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
45 | "S306": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
46 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
47 | "Use of insecure and deprecated function (mktemp)."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
48 | "S307": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
49 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
50 | "Use of possibly insecure function - consider using safer" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
51 | " ast.literal_eval."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
52 | "S308": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
53 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
54 | "Use of mark_safe() may expose cross-site scripting vulnerabilities" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
55 | " and should be reviewed."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
56 | "S309": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
57 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
58 | "Use of HTTPSConnection on older versions of Python prior to 2.7.9" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
59 | " and 3.4.3 do not provide security, see" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
60 | " https://wiki.openstack.org/wiki/OSSN/OSSN-0033"), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
61 | "S310": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
62 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
63 | "Audit url open for permitted schemes. Allowing use of file:/ or" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
64 | " custom schemes is often unexpected."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
65 | "S311": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
66 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
67 | "Standard pseudo-random generators are not suitable for" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
68 | " security/cryptographic purposes."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
69 | "S312": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
70 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
71 | "Telnet-related functions are being called. Telnet is considered" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
72 | " insecure. Use SSH or some other encrypted protocol."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
73 | "S313": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
74 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
75 | "Using '{0}' to parse untrusted XML data is known to be vulnerable to" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
76 | " XML attacks. Replace '{0}' with its defusedxml equivalent function" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
77 | " or make sure defusedxml.defuse_stdlib() is called."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
78 | "S314": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
79 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
80 | "Using '{0}' to parse untrusted XML data is known to be vulnerable to" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
81 | " XML attacks. Replace '{0}' with its defusedxml equivalent function" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
82 | " or make sure defusedxml.defuse_stdlib() is called."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
83 | "S315": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
84 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
85 | "Using '{0}' to parse untrusted XML data is known to be vulnerable to" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
86 | " XML attacks. Replace '{0}' with its defusedxml equivalent function" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
87 | " or make sure defusedxml.defuse_stdlib() is called."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
88 | "S316": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
89 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
90 | "Using '{0}' to parse untrusted XML data is known to be vulnerable to" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
91 | " XML attacks. Replace '{0}' with its defusedxml equivalent function" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
92 | " or make sure defusedxml.defuse_stdlib() is called."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
93 | "S317": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
94 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
95 | "Using '{0}' to parse untrusted XML data is known to be vulnerable to" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
96 | " XML attacks. Replace '{0}' with its defusedxml equivalent function" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
97 | " or make sure defusedxml.defuse_stdlib() is called."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
98 | "S318": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
99 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
100 | "Using '{0}' to parse untrusted XML data is known to be vulnerable to" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
101 | " XML attacks. Replace '{0}' with its defusedxml equivalent function" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
102 | " or make sure defusedxml.defuse_stdlib() is called."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
103 | "S319": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
104 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
105 | "Using '{0}' to parse untrusted XML data is known to be vulnerable to" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
106 | " XML attacks. Replace '{0}' with its defusedxml equivalent function" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
107 | " or make sure defusedxml.defuse_stdlib() is called."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
108 | "S320": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
109 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
110 | "Using '{0}' to parse untrusted XML data is known to be vulnerable to" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
111 | " XML attacks. Replace '{0}' with its defusedxml equivalent" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
112 | " function."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
113 | "S321": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
114 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
115 | "FTP-related functions are being called. FTP is considered insecure." |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
116 | " Use SSH/SFTP/SCP or some other encrypted protocol."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
117 | "S322": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
118 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
119 | "The input method in Python 2 will read from standard input, evaluate" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
120 | " and run the resulting string as Python source code. This is" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
121 | " similar, though in many ways worse, than using eval. On Python 2," |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
122 | " use raw_input instead, input is safe in Python 3."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
123 | "S323": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
124 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
125 | "By default, Python will create a secure, verified SSL context for" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
126 | " use in such classes as HTTPSConnection. However, it still allows" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
127 | " using an insecure context via the _create_unverified_context that" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
128 | " reverts to the previous behavior that does not validate" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
129 | " certificates or perform hostname checks."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
130 | "S325": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
131 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
132 | "Use of os.tempnam() and os.tmpnam() is vulnerable to symlink" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
133 | " attacks. Consider using tmpfile() instead."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
134 | |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
135 | # blacklisted imports |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
136 | "S401": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
137 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
138 | "A telnet-related module is being imported. Telnet is considered" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
139 | " insecure. Use SSH or some other encrypted protocol."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
140 | "S402": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
141 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
142 | "A FTP-related module is being imported. FTP is considered" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
143 | " insecure. Use SSH/SFTP/SCP or some other encrypted protocol."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
144 | "S403": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
145 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
146 | "Consider possible security implications associated with '{0}'" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
147 | " module."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
148 | "S404": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
149 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
150 | "Consider possible security implications associated with '{0}'" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
151 | " module."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
152 | "S405": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
153 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
154 | "Using '{0}' to parse untrusted XML data is known to be vulnerable" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
155 | " to XML attacks. Replace '{0}' with the equivalent defusedxml" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
156 | " package, or make sure defusedxml.defuse_stdlib() is called."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
157 | "S406": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
158 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
159 | "Using '{0}' to parse untrusted XML data is known to be vulnerable" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
160 | " to XML attacks. Replace '{0}' with the equivalent defusedxml" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
161 | " package, or make sure defusedxml.defuse_stdlib() is called."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
162 | "S407": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
163 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
164 | "Using '{0}' to parse untrusted XML data is known to be vulnerable" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
165 | " to XML attacks. Replace '{0}' with the equivalent defusedxml" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
166 | " package, or make sure defusedxml.defuse_stdlib() is called."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
167 | "S408": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
168 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
169 | "Using '{0}' to parse untrusted XML data is known to be vulnerable" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
170 | " to XML attacks. Replace '{0}' with the equivalent defusedxml" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
171 | " package, or make sure defusedxml.defuse_stdlib() is called."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
172 | "S409": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
173 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
174 | "Using '{0}' to parse untrusted XML data is known to be vulnerable" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
175 | " to XML attacks. Replace '{0}' with the equivalent defusedxml" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
176 | " package, or make sure defusedxml.defuse_stdlib() is called."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
177 | "S410": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
178 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
179 | "Using '{0}' to parse untrusted XML data is known to be vulnerable" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
180 | " to XML attacks. Replace '{0}' with the equivalent defusedxml" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
181 | " package."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
182 | "S411": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
183 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
184 | "Using '{0}' to parse untrusted XML data is known to be vulnerable" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
185 | " to XML attacks. Use defused.xmlrpc.monkey_patch() function to" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
186 | " monkey-patch xmlrpclib and mitigate XML vulnerabilities."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
187 | "S412": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
188 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
189 | "Consider possible security implications associated with '{0}'" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
190 | " module."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
191 | "S413": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
192 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
193 | "The pyCrypto library and its module '{0}' are no longer actively" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
194 | " maintained and have been deprecated. Consider using" |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
195 | " pyca/cryptography library."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
196 | |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
197 | # insecure certificate usage |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
198 | "S501": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
199 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
200 | "Requests call with verify=False disabling SSL certificate checks," |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
201 | " security issue."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
202 | |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
203 | # YAML load |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
204 | "S506": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
205 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
206 | "Use of unsafe yaml load. Allows instantiation of arbitrary objects." |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
207 | " Consider yaml.safe_load()."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
208 | |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
209 | # Django SQL injection |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
210 | "S610": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
211 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
212 | "Use of extra potential SQL attack vector."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
213 | "S611": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
214 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
215 | "Use of RawSQL potential SQL attack vector."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
216 | |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
217 | # Django XSS vulnerability |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
218 | "S703": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
219 | "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
220 | "Potential XSS on mark_safe() function."), |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
221 | |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
222 | ## "S": QCoreApplication.translate( |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
223 | ## "Security", |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
224 | ## ""), |
7612
ca1ce1e0fcff
Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
225 | } |
ca1ce1e0fcff
Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
226 | |
7613
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
227 | _securityMessagesSampleArgs = { |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
228 | "S304": ["Crypto.Cipher.DES"], |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
229 | "S305": ["cryptography.hazmat.primitives.ciphers.modes.ECB"], |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
230 | "S313": ["xml.etree.cElementTree.parse"], |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
231 | "S314": ["xml.etree.ElementTree.parse"], |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
232 | "S315": ["xml.sax.expatreader.create_parser"], |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
233 | "S316": ["xml.dom.expatbuilder.parse"], |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
234 | "S317": ["xml.sax.parse"], |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
235 | "S318": ["xml.dom.minidom.parse"], |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
236 | "S319": ["xml.dom.pulldom.parse"], |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
237 | "S320": ["lxml.etree.parse"], |
7612
ca1ce1e0fcff
Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
238 | |
7613
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
239 | "S403": ["pickle"], |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
240 | "S404": ["subprocess"], |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
241 | "S405": ["xml.etree.ElementTree"], |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
242 | "S406": ["xml.sax"], |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
243 | "S407": ["xml.dom.expatbuilder"], |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
244 | "S408": ["xml.dom.minidom"], |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
245 | "S409": ["xml.dom.pulldom"], |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
246 | "S410": ["lxml"], |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
247 | "S411": ["xmlrpclib"], |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
248 | "S412": ["wsgiref.handlers.CGIHandler"], |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
249 | "S413": ["Crypto.Cipher"], |
382f89c11e27
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7612
diff
changeset
|
250 | } |