Code Style Checker: continued to implement checker for security related issues.

Mon, 15 Jun 2020 19:01:02 +0200

author
Detlev Offenbach <detlev@die-offenbachs.de>
date
Mon, 15 Jun 2020 19:01:02 +0200
changeset 7619
ef2b5af23ce7
parent 7618
cba5c14bcd5e
child 7620
52c2fe0308fd

Code Style Checker: continued to implement checker for security related issues.

eric6/Plugins/CheckerPlugins/CodeStyleChecker/CodeStyleChecker.py file | annotate | diff | comparison | revisions
eric6/Plugins/CheckerPlugins/CodeStyleChecker/CodeStyleCheckerDialog.py file | annotate | diff | comparison | revisions
eric6/Plugins/CheckerPlugins/CodeStyleChecker/CodeStyleCheckerDialog.ui file | annotate | diff | comparison | revisions
eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/blackListCalls.py file | annotate | diff | comparison | revisions
eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/djangoXssVulnerability.py file | annotate | diff | comparison | revisions
eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/insecureHashlibNew.py file | annotate | diff | comparison | revisions
eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityChecker.py file | annotate | diff | comparison | revisions
eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py file | annotate | diff | comparison | revisions
--- a/eric6/Plugins/CheckerPlugins/CodeStyleChecker/CodeStyleChecker.py	Mon Jun 15 18:23:27 2020 +0200
+++ b/eric6/Plugins/CheckerPlugins/CodeStyleChecker/CodeStyleChecker.py	Mon Jun 15 19:01:02 2020 +0200
@@ -12,6 +12,7 @@
 except ImportError:
     import queue
 
+import ast
 import sys
 import multiprocessing
 
@@ -272,6 +273,48 @@
         outputQueue.put((filename, result))
 
 
+def __checkSyntax(filename, source):
+    """
+    Private module function to perform a syntax check.
+    
+    @param filename source filename
+    @type str
+    @param source string containing the code to check
+    @type str
+    @return tuple containing the error dictionary with syntax error details
+        and a statistics dictionary or a tuple containing two None
+    @rtype tuple of (dict, dict) or tuple of (None, None)
+    """
+    src = "".join(source)
+    # Check type for py2: if not str it's unicode
+    if sys.version_info[0] == 2:
+        try:
+            src = src.encode('utf-8')
+        except UnicodeError:
+            pass
+    
+    try:
+        ast.parse(src, filename, 'exec')
+        return None, None
+    except (SyntaxError, TypeError):
+        exc_type, exc = sys.exc_info()[:2]
+        if len(exc.args) > 1:
+            offset = exc.args[1]
+            if len(offset) > 2:
+                offset = offset[1:3]
+        else:
+            offset = (1, 0)
+        return ({
+            "file": filename,
+            "line": offset[0],
+            "offset": offset[1],
+            "code": "E901",
+            "args": [exc_type.__name__, exc.args[0]],
+        }, {
+            "E901": 1,
+        })
+
+
 def __checkCodeStyle(filename, source, args):
     """
     Private module function to perform the code style check and/or fix
@@ -340,68 +383,73 @@
         else:
             ignore = []
         
-        # TODO: perform syntax check and report invalid syntax once for all
-        
-        # check coding style
-        pycodestyle.BLANK_LINES_CONFIG = {
-            # Top level class and function.
-            'top_level': blankLines[0],
-            # Methods and nested class and function.
-            'method': blankLines[1],
-        }
-        styleGuide = pycodestyle.StyleGuide(
-            reporter=CodeStyleCheckerReport,
-            repeat=repeatMessages,
-            select=select,
-            ignore=ignore,
-            max_line_length=maxLineLength,
-            max_doc_length=maxDocLineLength,
-            hang_closing=hangClosing,
-        )
-        report = styleGuide.check_files([filename])
-        stats.update(report.counters)
-        errors = report.errors
-        
-        # check documentation style
-        docStyleChecker = DocStyleChecker(
-            source, filename, select, ignore, [], repeatMessages,
-            maxLineLength=maxDocLineLength, docType=docType)
-        docStyleChecker.run()
-        stats.update(docStyleChecker.counters)
-        errors += docStyleChecker.errors
+        syntaxError, syntaxStats = __checkSyntax(filename, source)
+        if syntaxError:
+            errors = [syntaxError]
+            stats.update(syntaxStats)
         
-        # miscellaneous additional checks
-        miscellaneousChecker = MiscellaneousChecker(
-            source, filename, select, ignore, [], repeatMessages,
-            miscellaneousArgs)
-        miscellaneousChecker.run()
-        stats.update(miscellaneousChecker.counters)
-        errors += miscellaneousChecker.errors
-        
-        # check code complexity
-        complexityChecker = ComplexityChecker(
-            source, filename, select, ignore, codeComplexityArgs)
-        complexityChecker.run()
-        stats.update(complexityChecker.counters)
-        errors += complexityChecker.errors
-        
-        # check function annotations
-        if sys.version_info >= (3, 5, 0):
-            # annotations are supported from Python 3.5 on
-            from AnnotationsChecker import AnnotationsChecker
-            annotationsChecker = AnnotationsChecker(
+        # perform the checks only, if syntax is ok
+        else:
+            # check coding style
+            pycodestyle.BLANK_LINES_CONFIG = {
+                # Top level class and function.
+                'top_level': blankLines[0],
+                # Methods and nested class and function.
+                'method': blankLines[1],
+            }
+            styleGuide = pycodestyle.StyleGuide(
+                reporter=CodeStyleCheckerReport,
+                repeat=repeatMessages,
+                select=select,
+                ignore=ignore,
+                max_line_length=maxLineLength,
+                max_doc_length=maxDocLineLength,
+                hang_closing=hangClosing,
+            )
+            report = styleGuide.check_files([filename])
+            stats.update(report.counters)
+            errors = report.errors
+            
+            # check documentation style
+            docStyleChecker = DocStyleChecker(
                 source, filename, select, ignore, [], repeatMessages,
-                annotationArgs)
-            annotationsChecker.run()
-            stats.update(annotationsChecker.counters)
-            errors += annotationsChecker.errors
-        
-        securityChecker = SecurityChecker(
-            source, filename, select, ignore, [], repeatMessages,
-            securityArgs)
-        securityChecker.run()
-        stats.update(securityChecker.counters)
-        errors += securityChecker.errors
+                maxLineLength=maxDocLineLength, docType=docType)
+            docStyleChecker.run()
+            stats.update(docStyleChecker.counters)
+            errors += docStyleChecker.errors
+            
+            # miscellaneous additional checks
+            miscellaneousChecker = MiscellaneousChecker(
+                source, filename, select, ignore, [], repeatMessages,
+                miscellaneousArgs)
+            miscellaneousChecker.run()
+            stats.update(miscellaneousChecker.counters)
+            errors += miscellaneousChecker.errors
+            
+            # check code complexity
+            complexityChecker = ComplexityChecker(
+                source, filename, select, ignore, codeComplexityArgs)
+            complexityChecker.run()
+            stats.update(complexityChecker.counters)
+            errors += complexityChecker.errors
+            
+            # check function annotations
+            if sys.version_info >= (3, 5, 0):
+                # annotations are supported from Python 3.5 on
+                from AnnotationsChecker import AnnotationsChecker
+                annotationsChecker = AnnotationsChecker(
+                    source, filename, select, ignore, [], repeatMessages,
+                    annotationArgs)
+                annotationsChecker.run()
+                stats.update(annotationsChecker.counters)
+                errors += annotationsChecker.errors
+            
+            securityChecker = SecurityChecker(
+                source, filename, select, ignore, [], repeatMessages,
+                securityArgs)
+            securityChecker.run()
+            stats.update(securityChecker.counters)
+            errors += securityChecker.errors
     
     errorsDict = {}
     for error in errors:
--- a/eric6/Plugins/CheckerPlugins/CodeStyleChecker/CodeStyleCheckerDialog.py	Mon Jun 15 18:23:27 2020 +0200
+++ b/eric6/Plugins/CheckerPlugins/CodeStyleChecker/CodeStyleCheckerDialog.py	Mon Jun 15 19:01:02 2020 +0200
@@ -52,6 +52,13 @@
         'print_function', 'unicode_literals', 'generator_stop',
         'annotations']
     
+    cryptoBitSelectionsDsaRsa = [
+        "512", "1024", "2048", "4096", "8192", "16384", "32786",
+    ]
+    cryptoBitSelectionsEc = [
+        "160", "224", "256", "384", "512",
+    ]
+    
     checkCategories = {
         "A": QCoreApplication.translate(
             "CheckerCategories",
@@ -121,6 +128,19 @@
             itm.setFlags(itm.flags() | Qt.ItemIsUserCheckable)
             itm.setCheckState(Qt.Unchecked)
         
+        self.dsaHighRiskCombo.addItems(
+            CodeStyleCheckerDialog.cryptoBitSelectionsDsaRsa)
+        self.dsaMediumRiskCombo.addItems(
+            CodeStyleCheckerDialog.cryptoBitSelectionsDsaRsa)
+        self.rsaHighRiskCombo.addItems(
+            CodeStyleCheckerDialog.cryptoBitSelectionsDsaRsa)
+        self.rsaMediumRiskCombo.addItems(
+            CodeStyleCheckerDialog.cryptoBitSelectionsDsaRsa)
+        self.ecHighRiskCombo.addItems(
+            CodeStyleCheckerDialog.cryptoBitSelectionsEc)
+        self.ecMediumRiskCombo.addItems(
+            CodeStyleCheckerDialog.cryptoBitSelectionsEc)
+        
         self.statisticsButton = self.buttonBox.addButton(
             self.tr("Statistics..."), QDialogButtonBox.ActionRole)
         self.statisticsButton.setToolTip(
@@ -457,7 +477,30 @@
                 "MaximumComplexity": 3,
             }
         
-        # TODO: add 'SecurityChecker'
+        if "SecurityChecker" not in self.__data:
+            from .Security.SecurityDefaults import SecurityDefaults
+            self.__data["SecurityChecker"] = {
+                "HardcodedTmpDirectories":
+                    SecurityDefaults["hardcoded_tmp_directories"],
+                "InsecureHashes":
+                    SecurityDefaults["insecure_hashes"],
+                "InsecureSslProtocolVersions":
+                    SecurityDefaults["insecure_ssl_protocol_versions"],
+                "WeakKeySizeDsaHigh":
+                    str(SecurityDefaults["weak_key_size_dsa_high"]),
+                "WeakKeySizeDsaMedium":
+                    str(SecurityDefaults["weak_key_size_dsa_medium"]),
+                "WeakKeySizeRsaHigh":
+                    str(SecurityDefaults["weak_key_size_rsa_high"]),
+                "WeakKeySizeRsaMedium":
+                    str(SecurityDefaults["weak_key_size_rsa_medium"]),
+                "WeakKeySizeEcHigh":
+                    str(SecurityDefaults["weak_key_size_ec_high"]),
+                "WeakKeySizeEcMedium":
+                    str(SecurityDefaults["weak_key_size_ec_medium"]),
+                "CheckTypedException":
+                    SecurityDefaults["check_typed_exception"],
+            }
         
         self.__initCategoriesList(self.__data["EnabledCheckerCategories"])
         self.excludeFilesEdit.setText(self.__data["ExcludeFiles"])
@@ -492,6 +535,28 @@
         self.maxAnnotationsComplexitySpinBox.setValue(
             self.__data["AnnotationsChecker"]["MaximumComplexity"])
         
+        # security
+        self.tmpDirectoriesEdit.setPlainText("\n".join(
+            self.__data["SecurityChecker"]["HardcodedTmpDirectories"]))
+        self.hashesEdit.setText(", ".join(
+            self.__data["SecurityChecker"]["InsecureHashes"]))
+        self.insecureSslProtocolsEdit.setPlainText("\n".join(
+            self.__data["SecurityChecker"]["InsecureSslProtocolVersions"]))
+        self.dsaHighRiskCombo.setCurrentText(
+            self.__data["SecurityChecker"]["WeakKeySizeDsaHigh"])
+        self.dsaMediumRiskCombo.setCurrentText(
+            self.__data["SecurityChecker"]["WeakKeySizeDsaMedium"])
+        self.rsaHighRiskCombo.setCurrentText(
+            self.__data["SecurityChecker"]["WeakKeySizeRsaHigh"])
+        self.rsaMediumRiskCombo.setCurrentText(
+            self.__data["SecurityChecker"]["WeakKeySizeRsaMedium"])
+        self.ecHighRiskCombo.setCurrentText(
+            self.__data["SecurityChecker"]["WeakKeySizeEcHigh"])
+        self.ecMediumRiskCombo.setCurrentText(
+            self.__data["SecurityChecker"]["WeakKeySizeEcMedium"])
+        self.typedExceptionsCheckBox.setChecked(
+            self.__data["SecurityChecker"]["CheckTypedException"])
+        
         self.__cleanupData()
     
     def start(self, fn, save=False, repeat=None):
@@ -556,6 +621,8 @@
         self.__cleanupData()
         
         if len(self.files) > 0:
+            self.securityNoteLabel.setVisible(
+                "S" in self.__getCategories(True, asList=True))
             self.checkProgress.setMaximum(len(self.files))
             self.checkProgressLabel.setVisible(len(self.files) > 1)
             self.checkProgress.setVisible(len(self.files) > 1)
@@ -607,14 +674,41 @@
                     self.maxAnnotationsComplexitySpinBox.value(),
             }
             
-            # TODO: add 'SecurityChecker'
-            safetyArgs = {}
+            securityArgs = {
+                "hardcoded_tmp_directories": [
+                    t.strip()
+                    for t in self.tmpDirectoriesEdit.toPlainText().splitlines()
+                ],
+                "insecure_hashes": [
+                    h.strip()
+                    for h in self.hashesEdit.text().split(",")
+                ],
+                "insecure_ssl_protocol_versions": [
+                    p.strip()
+                    for p in self.insecureSslProtocolsEdit.toPlainText()
+                    .splitlines()
+                ],
+                "weak_key_size_dsa_high":
+                    int(self.dsaHighRiskCombo.currentText()),
+                "weak_key_size_dsa_medium":
+                    int(self.dsaMediumRiskCombo.currentText()),
+                "weak_key_size_rsa_high":
+                    int(self.rsaHighRiskCombo.currentText()),
+                "weak_key_size_rsa_medium":
+                    int(self.rsaMediumRiskCombo.currentText()),
+                "weak_key_size_ec_high":
+                    int(self.ecHighRiskCombo.currentText()),
+                "weak_key_size_ec_medium":
+                    int(self.ecMediumRiskCombo.currentText()),
+                "check_typed_exception":
+                    self.typedExceptionsCheckBox.isChecked(),
+            }
             
             self.__options = [excludeMessages, includeMessages, repeatMessages,
                               fixCodes, noFixCodes, fixIssues, maxLineLength,
                               maxDocLineLength, blankLines, hangClosing,
                               docType, codeComplexityArgs, miscellaneousArgs,
-                              annotationArgs, safetyArgs]
+                              annotationArgs, securityArgs]
             
             # now go through all the files
             self.progress = 0
@@ -960,9 +1054,37 @@
                         self.minAnnotationsCoverageSpinBox.value(),
                     "MaximumComplexity":
                         self.maxAnnotationsComplexitySpinBox.value(),
-                }
-                
-                # TODO: add 'SecurityChecker'
+                },
+                "SecurityChecker": {
+                    "HardcodedTmpDirectories": [
+                        t.strip()
+                        for t in self.tmpDirectoriesEdit.toPlainText()
+                        .splitlines()
+                    ],
+                    "InsecureHashes": [
+                        h.strip()
+                        for h in self.hashesEdit.text().split(",")
+                    ],
+                    "InsecureSslProtocolVersions": [
+                        p.strip()
+                        for p in self.insecureSslProtocolsEdit.toPlainText()
+                        .splitlines()
+                    ],
+                    "WeakKeySizeDsaHigh":
+                        self.dsaHighRiskCombo.currentText(),
+                    "WeakKeySizeDsaMedium":
+                        self.dsaMediumRiskCombo.currentText(),
+                    "WeakKeySizeRsaHigh":
+                        self.rsaHighRiskCombo.currentText(),
+                    "WeakKeySizeRsaMedium":
+                        self.rsaMediumRiskCombo.currentText(),
+                    "WeakKeySizeEcHigh":
+                        self.ecHighRiskCombo.currentText(),
+                    "WeakKeySizeEcMedium":
+                        self.ecMediumRiskCombo.currentText(),
+                    "CheckTypedException":
+                        self.typedExceptionsCheckBox.isChecked(),
+                },
             }
             if data != self.__data:
                 self.__data = data
@@ -1060,7 +1182,6 @@
             vm.openSourceFile(fn, lineno=lineno, pos=position + 1)
             editor = vm.getOpenEditor(fn)
             
-            # TODO: add other syntax errors or do syntax check once for all
             if code in ["E901", "E902"]:
                 editor.toggleSyntaxError(lineno, 0, True, message, True)
             else:
@@ -1197,7 +1318,48 @@
             Preferences.Prefs.settings.value(
                 "PEP8/MaximumAnnotationComplexity", 3)))
         
-        # TODO: add 'SecurityChecker'
+        # security
+        from .Security.SecurityDefaults import SecurityDefaults
+        self.tmpDirectoriesEdit.setPlainText("\n".join(
+            Preferences.toList(Preferences.Prefs.settings.value(
+                "PEP8/HardcodedTmpDirectories",
+                SecurityDefaults["hardcoded_tmp_directories"]))))
+        self.hashesEdit.setText(", ".join(
+            Preferences.toList(Preferences.Prefs.settings.value(
+                "PEP8/InsecureHashes",
+                SecurityDefaults["insecure_hashes"])))),
+        self.insecureSslProtocolsEdit.setPlainText("\n".join(
+            Preferences.toList(Preferences.Prefs.settings.value(
+                "PEP8/InsecureSslProtocolVersions",
+                SecurityDefaults["insecure_ssl_protocol_versions"])))),
+        self.dsaHighRiskCombo.setCurrentText(
+            Preferences.Prefs.settings.value(
+                "PEP8/WeakKeySizeDsaHigh",
+                str(SecurityDefaults["weak_key_size_dsa_high"])))
+        self.dsaMediumRiskCombo.setCurrentText(
+            Preferences.Prefs.settings.value(
+                "PEP8/WeakKeySizeDsaMedium",
+                str(SecurityDefaults["weak_key_size_dsa_medium"]))),
+        self.rsaHighRiskCombo.setCurrentText(
+            Preferences.Prefs.settings.value(
+                "PEP8/WeakKeySizeRsaHigh",
+                str(SecurityDefaults["weak_key_size_rsa_high"]))),
+        self.rsaMediumRiskCombo.setCurrentText(
+            Preferences.Prefs.settings.value(
+                "PEP8/WeakKeySizeRsaMedium",
+                str(SecurityDefaults["weak_key_size_rsa_medium"]))),
+        self.ecHighRiskCombo.setCurrentText(
+            Preferences.Prefs.settings.value(
+                "PEP8/WeakKeySizeEcHigh",
+                str(SecurityDefaults["weak_key_size_ec_high"]))),
+        self.ecMediumRiskCombo.setCurrentText(
+            Preferences.Prefs.settings.value(
+                "PEP8/WeakKeySizeEcMedium",
+                str(SecurityDefaults["weak_key_size_ec_medium"]))),
+        self.typedExceptionsCheckBox.setChecked(Preferences.toBool(
+            Preferences.Prefs.settings.value(
+                "PEP8/CheckTypedException",
+                SecurityDefaults["check_typed_exception"]))),
         
         self.__cleanupData()
     
@@ -1266,7 +1428,43 @@
             "PEP8/MaximumAnnotationComplexity",
             self.maxAnnotationsComplexitySpinBox.value())
         
-        # TODO: add 'SecurityChecker'
+        # security
+        Preferences.Prefs.settings.setValue(
+            "PEP8/HardcodedTmpDirectories",
+            [t.strip()
+             for t in self.tmpDirectoriesEdit.toPlainText().splitlines()
+             ]),
+        Preferences.Prefs.settings.setValue(
+            "PEP8/InsecureHashes",
+            [h.strip()
+             for h in self.hashesEdit.text().split(",")
+             ]),
+        Preferences.Prefs.settings.setValue(
+            "PEP8/InsecureSslProtocolVersions",
+            [p.strip()
+             for p in self.insecureSslProtocolsEdit.toPlainText().splitlines()
+             ]),
+        Preferences.Prefs.settings.setValue(
+            "PEP8/WeakKeySizeDsaHigh",
+            self.dsaHighRiskCombo.currentText()),
+        Preferences.Prefs.settings.setValue(
+            "PEP8/WeakKeySizeDsaMedium",
+            self.dsaMediumRiskCombo.currentText()),
+        Preferences.Prefs.settings.setValue(
+            "PEP8/WeakKeySizeRsaHigh",
+            self.rsaHighRiskCombo.currentText()),
+        Preferences.Prefs.settings.setValue(
+            "PEP8/WeakKeySizeRsaMedium",
+            self.rsaMediumRiskCombo.currentText()),
+        Preferences.Prefs.settings.setValue(
+            "PEP8/WeakKeySizeEcHigh",
+            self.ecHighRiskCombo.currentText()),
+        Preferences.Prefs.settings.setValue(
+            "PEP8/WeakKeySizeEcMedium",
+            self.ecMediumRiskCombo.currentText()),
+        Preferences.Prefs.settings.setValue(
+            "PEP8/CheckTypedException",
+            self.typedExceptionsCheckBox.isChecked()),
     
     @pyqtSlot()
     def on_resetDefaultButton_clicked(self):
@@ -1314,7 +1512,38 @@
         Preferences.Prefs.settings.setValue(
             "PEP8/MaximumAnnotationComplexity", 3)
         
-        # TODO: add 'SecurityChecker'
+        # security
+        from .Security.SecurityDefaults import SecurityDefaults
+        Preferences.Prefs.settings.setValue(
+            "PEP8/HardcodedTmpDirectories",
+            SecurityDefaults["hardcoded_tmp_directories"])
+        Preferences.Prefs.settings.setValue(
+            "PEP8/InsecureHashes",
+            SecurityDefaults["insecure_hashes"])
+        Preferences.Prefs.settings.setValue(
+            "PEP8/InsecureSslProtocolVersions",
+            SecurityDefaults["insecure_ssl_protocol_versions"])
+        Preferences.Prefs.settings.setValue(
+            "PEP8/WeakKeySizeDsaHigh",
+            str(SecurityDefaults["weak_key_size_dsa_high"]))
+        Preferences.Prefs.settings.setValue(
+            "PEP8/WeakKeySizeDsaMedium",
+            str(SecurityDefaults["weak_key_size_dsa_medium"]))
+        Preferences.Prefs.settings.setValue(
+            "PEP8/WeakKeySizeRsaHigh",
+            str(SecurityDefaults["weak_key_size_rsa_high"]))
+        Preferences.Prefs.settings.setValue(
+            "PEP8/WeakKeySizeRsaMedium",
+            str(SecurityDefaults["weak_key_size_rsa_medium"]))
+        Preferences.Prefs.settings.setValue(
+            "PEP8/WeakKeySizeEcHigh",
+            str(SecurityDefaults["weak_key_size_ec_high"]))
+        Preferences.Prefs.settings.setValue(
+            "PEP8/WeakKeySizeEcMedium",
+            str(SecurityDefaults["weak_key_size_ec_medium"]))
+        Preferences.Prefs.settings.setValue(
+            "PEP8/CheckTypedException",
+            SecurityDefaults["check_typed_exception"])
         
         # Update UI with default values
         self.on_loadDefaultButton_clicked()
--- a/eric6/Plugins/CheckerPlugins/CodeStyleChecker/CodeStyleCheckerDialog.ui	Mon Jun 15 18:23:27 2020 +0200
+++ b/eric6/Plugins/CheckerPlugins/CodeStyleChecker/CodeStyleCheckerDialog.ui	Mon Jun 15 19:01:02 2020 +0200
@@ -265,7 +265,7 @@
                 <x>0</x>
                 <y>0</y>
                 <width>637</width>
-                <height>891</height>
+                <height>884</height>
                </rect>
               </property>
               <layout class="QVBoxLayout" name="verticalLayout_6">
@@ -828,6 +828,248 @@
            </item>
           </layout>
          </widget>
+         <widget class="QWidget" name="securityOptionsTab">
+          <attribute name="title">
+           <string>Security Options</string>
+          </attribute>
+          <layout class="QGridLayout" name="gridLayout_7">
+           <item row="0" column="0">
+            <widget class="QLabel" name="label_21">
+             <property name="text">
+              <string>Hardcoded 'tmp' Directories:</string>
+             </property>
+             <property name="alignment">
+              <set>Qt::AlignLeading|Qt::AlignLeft|Qt::AlignTop</set>
+             </property>
+            </widget>
+           </item>
+           <item row="3" column="0" colspan="2">
+            <widget class="QGroupBox" name="groupBox_11">
+             <property name="title">
+              <string>Weak Cryptographic Keys</string>
+             </property>
+             <layout class="QVBoxLayout" name="verticalLayout_10">
+              <item>
+               <widget class="QGroupBox" name="groupBox_12">
+                <property name="title">
+                 <string>DSA</string>
+                </property>
+                <layout class="QHBoxLayout" name="horizontalLayout_5">
+                 <item>
+                  <widget class="QLabel" name="label_24">
+                   <property name="text">
+                    <string>High Risk:</string>
+                   </property>
+                  </widget>
+                 </item>
+                 <item>
+                  <widget class="QComboBox" name="dsaHighRiskCombo">
+                   <property name="toolTip">
+                    <string>Select the bit length below which a DSA key is to be considered very weak</string>
+                   </property>
+                   <property name="editable">
+                    <bool>false</bool>
+                   </property>
+                  </widget>
+                 </item>
+                 <item>
+                  <widget class="QLabel" name="label_25">
+                   <property name="text">
+                    <string>Medium Risk:</string>
+                   </property>
+                  </widget>
+                 </item>
+                 <item>
+                  <widget class="QComboBox" name="dsaMediumRiskCombo">
+                   <property name="toolTip">
+                    <string>Select the bit length below which a DSA key is to be considered weak</string>
+                   </property>
+                   <property name="editable">
+                    <bool>false</bool>
+                   </property>
+                  </widget>
+                 </item>
+                 <item>
+                  <spacer name="horizontalSpacer_8">
+                   <property name="orientation">
+                    <enum>Qt::Horizontal</enum>
+                   </property>
+                   <property name="sizeHint" stdset="0">
+                    <size>
+                     <width>324</width>
+                     <height>20</height>
+                    </size>
+                   </property>
+                  </spacer>
+                 </item>
+                </layout>
+               </widget>
+              </item>
+              <item>
+               <widget class="QGroupBox" name="groupBox_13">
+                <property name="title">
+                 <string>RSA</string>
+                </property>
+                <layout class="QHBoxLayout" name="horizontalLayout_9">
+                 <item>
+                  <widget class="QLabel" name="label_26">
+                   <property name="text">
+                    <string>High Risk:</string>
+                   </property>
+                  </widget>
+                 </item>
+                 <item>
+                  <widget class="QComboBox" name="rsaHighRiskCombo">
+                   <property name="toolTip">
+                    <string>Select the bit length below which a RSA key is to be considered very weak</string>
+                   </property>
+                   <property name="editable">
+                    <bool>false</bool>
+                   </property>
+                  </widget>
+                 </item>
+                 <item>
+                  <widget class="QLabel" name="label_27">
+                   <property name="text">
+                    <string>Medium Risk:</string>
+                   </property>
+                  </widget>
+                 </item>
+                 <item>
+                  <widget class="QComboBox" name="rsaMediumRiskCombo">
+                   <property name="toolTip">
+                    <string>Select the bit length below which a RSA key is to be considered weak</string>
+                   </property>
+                   <property name="editable">
+                    <bool>false</bool>
+                   </property>
+                  </widget>
+                 </item>
+                 <item>
+                  <spacer name="horizontalSpacer_9">
+                   <property name="orientation">
+                    <enum>Qt::Horizontal</enum>
+                   </property>
+                   <property name="sizeHint" stdset="0">
+                    <size>
+                     <width>40</width>
+                     <height>20</height>
+                    </size>
+                   </property>
+                  </spacer>
+                 </item>
+                </layout>
+               </widget>
+              </item>
+              <item>
+               <widget class="QGroupBox" name="groupBox_14">
+                <property name="title">
+                 <string>Elliptic Curves</string>
+                </property>
+                <layout class="QHBoxLayout" name="horizontalLayout_10">
+                 <item>
+                  <widget class="QLabel" name="label_28">
+                   <property name="text">
+                    <string>High Risk:</string>
+                   </property>
+                  </widget>
+                 </item>
+                 <item>
+                  <widget class="QComboBox" name="ecHighRiskCombo">
+                   <property name="toolTip">
+                    <string>Select the bit length below which an Elliptic Curve is to be considered very weak</string>
+                   </property>
+                   <property name="editable">
+                    <bool>false</bool>
+                   </property>
+                  </widget>
+                 </item>
+                 <item>
+                  <widget class="QLabel" name="label_29">
+                   <property name="text">
+                    <string>Medium Risk:</string>
+                   </property>
+                  </widget>
+                 </item>
+                 <item>
+                  <widget class="QComboBox" name="ecMediumRiskCombo">
+                   <property name="toolTip">
+                    <string>Select the bit length below which an Elliptic Curve is to be considered weak</string>
+                   </property>
+                   <property name="editable">
+                    <bool>false</bool>
+                   </property>
+                  </widget>
+                 </item>
+                 <item>
+                  <spacer name="horizontalSpacer_10">
+                   <property name="orientation">
+                    <enum>Qt::Horizontal</enum>
+                   </property>
+                   <property name="sizeHint" stdset="0">
+                    <size>
+                     <width>40</width>
+                     <height>20</height>
+                    </size>
+                   </property>
+                  </spacer>
+                 </item>
+                </layout>
+               </widget>
+              </item>
+             </layout>
+            </widget>
+           </item>
+           <item row="2" column="1">
+            <widget class="QPlainTextEdit" name="insecureSslProtocolsEdit">
+             <property name="toolTip">
+              <string>Enter the names of insecure SSL protocols and methods (one per line)</string>
+             </property>
+            </widget>
+           </item>
+           <item row="2" column="0">
+            <widget class="QLabel" name="label_23">
+             <property name="text">
+              <string>Insecure SSL Protocols:</string>
+             </property>
+             <property name="alignment">
+              <set>Qt::AlignLeading|Qt::AlignLeft|Qt::AlignTop</set>
+             </property>
+            </widget>
+           </item>
+           <item row="1" column="0">
+            <widget class="QLabel" name="label_22">
+             <property name="text">
+              <string>Insecure Hashes:</string>
+             </property>
+            </widget>
+           </item>
+           <item row="1" column="1">
+            <widget class="E5ClearableLineEdit" name="hashesEdit">
+             <property name="toolTip">
+              <string>Enter a list of hash methods to be considered insecure separated by comma</string>
+             </property>
+            </widget>
+           </item>
+           <item row="4" column="0" colspan="2">
+            <widget class="QCheckBox" name="typedExceptionsCheckBox">
+             <property name="toolTip">
+              <string>Select to also check for insecure exception handling for typed exceptions</string>
+             </property>
+             <property name="text">
+              <string>Check Typed Exceptions</string>
+             </property>
+            </widget>
+           </item>
+           <item row="0" column="1">
+            <widget class="QPlainTextEdit" name="tmpDirectoriesEdit">
+             <property name="toolTip">
+              <string>Enter directory names (one per line) to be checked for</string>
+             </property>
+            </widget>
+           </item>
+          </layout>
+         </widget>
         </widget>
        </item>
        <item>
@@ -907,6 +1149,13 @@
        <item>
         <layout class="QVBoxLayout" name="verticalLayout_7">
          <item>
+          <widget class="QLabel" name="securityNoteLabel">
+           <property name="text">
+            <string>&lt;b&gt;Note:&lt;/b&gt; Mark reviewed security issues with a &quot;&lt;b&gt;#  secok&lt;/b&gt;&quot; comment.</string>
+           </property>
+          </widget>
+         </item>
+         <item>
           <widget class="QTreeWidget" name="resultList">
            <property name="sizePolicy">
             <sizepolicy hsizetype="Expanding" vsizetype="Expanding">
@@ -1089,13 +1338,23 @@
   <tabstop>lineComplexityScoreSpinBox</tabstop>
   <tabstop>minAnnotationsCoverageSpinBox</tabstop>
   <tabstop>maxAnnotationsComplexitySpinBox</tabstop>
+  <tabstop>tmpDirectoriesEdit</tabstop>
+  <tabstop>hashesEdit</tabstop>
+  <tabstop>insecureSslProtocolsEdit</tabstop>
+  <tabstop>dsaHighRiskCombo</tabstop>
+  <tabstop>dsaMediumRiskCombo</tabstop>
+  <tabstop>rsaHighRiskCombo</tabstop>
+  <tabstop>rsaMediumRiskCombo</tabstop>
+  <tabstop>ecHighRiskCombo</tabstop>
+  <tabstop>ecMediumRiskCombo</tabstop>
+  <tabstop>typedExceptionsCheckBox</tabstop>
+  <tabstop>resetDefaultButton</tabstop>
   <tabstop>loadDefaultButton</tabstop>
   <tabstop>storeDefaultButton</tabstop>
-  <tabstop>resetDefaultButton</tabstop>
   <tabstop>startButton</tabstop>
   <tabstop>resultList</tabstop>
+  <tabstop>fixButton</tabstop>
   <tabstop>restartButton</tabstop>
-  <tabstop>fixButton</tabstop>
  </tabstops>
  <resources/>
  <connections>
--- a/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/blackListCalls.py	Mon Jun 15 18:23:27 2020 +0200
+++ b/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/blackListCalls.py	Mon Jun 15 19:01:02 2020 +0200
@@ -158,7 +158,7 @@
     'S323': ([
         'ssl._create_unverified_context'],
         "M"),
-    'S325': ([
+    'S324': ([
         'os.tempnam',
         'os.tmpnam'],
         "M"),
--- a/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/djangoXssVulnerability.py	Mon Jun 15 18:23:27 2020 +0200
+++ b/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/djangoXssVulnerability.py	Mon Jun 15 19:01:02 2020 +0200
@@ -115,7 +115,6 @@
         )
 
 
-# TODO: carry on from here
 class DeepAssignation(object):
     """
     Class to perform a deep analysis of an assign.
--- a/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/insecureHashlibNew.py	Mon Jun 15 18:23:27 2020 +0200
+++ b/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/insecureHashlibNew.py	Mon Jun 15 19:01:02 2020 +0200
@@ -29,7 +29,7 @@
     """
     return {
         "Call": [
-            (checkHashlibNew, ("S324",)),
+            (checkHashlibNew, ("S331",)),
         ],
     }
 
@@ -65,7 +65,7 @@
                 reportError(
                     context.node.lineno - 1,
                     context.node.col_offset,
-                    "S324",
+                    "S331",
                     "M",
                     "H",
                     name.upper()
--- a/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityChecker.py	Mon Jun 15 18:23:27 2020 +0200
+++ b/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityChecker.py	Mon Jun 15 19:01:02 2020 +0200
@@ -47,9 +47,10 @@
         # insecure function calls (blacklisted)
         "S301", "S302", "S303", "S304", "S305", "S306", "S307", "S308", "S309",
         "S310", "S311", "S312", "S313", "S314", "S315", "S316", "S317", "S318",
-        "S319", "S320", "S321", "S322", "S323", "S325",     # TODO: check S324
+        "S319", "S320", "S321", "S322", "S323", "S324",
+        
         # hashlib.new
-        "S324",
+        "S331",
         
         # insecure imports (blacklisted)
         "S401", "S402", "S403", "S404", "S405", "S406", "S407", "S408", "S409",
--- a/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py	Mon Jun 15 18:23:27 2020 +0200
+++ b/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py	Mon Jun 15 19:01:02 2020 +0200
@@ -166,13 +166,13 @@
         " using an insecure context via the _create_unverified_context that"
         " reverts to the previous behavior that does not validate"
         " certificates or perform hostname checks."),
-    "S325": QCoreApplication.translate(
+    "S324": QCoreApplication.translate(
         "Security",
         "Use of os.tempnam() and os.tmpnam() is vulnerable to symlink"
         " attacks. Consider using tmpfile() instead."),
     
     # hashlib.new
-    "S324": QCoreApplication.translate(
+    "S331": QCoreApplication.translate(
         "Security",
         "Use of insecure {0} hash function."),
     
@@ -187,11 +187,11 @@
         " insecure. Use SSH/SFTP/SCP or some other encrypted protocol."),
     "S403": QCoreApplication.translate(
         "Security",
-        "Consider possible security implications associated with '{0}'"
+        "Consider possible security implications associated with the '{0}'"
         " module."),
     "S404": QCoreApplication.translate(
         "Security",
-        "Consider possible security implications associated with '{0}'"
+        "Consider possible security implications associated with the '{0}'"
         " module."),
     "S405": QCoreApplication.translate(
         "Security",
@@ -384,7 +384,7 @@
     "S319": ["xml.dom.pulldom.parse"],
     "S320": ["lxml.etree.parse"],
     
-    "S324": ["MD5"],
+    "S331": ["MD5"],
     
     "S403": ["pickle"],
     "S404": ["subprocess"],

eric ide

mercurial