Mercurial Repositories > eric / annotate

src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/prohibitedCalls.py@6a37b6ac3928 (annotated)

src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/prohibitedCalls.py

Tue, 16 Jan 2024 14:18:52 +0100

author
Detlev Offenbach <detlev@die-offenbachs.de>
date
Tue, 16 Jan 2024 14:18:52 +0100
branch
eric7
changeset 10503
6a37b6ac3928
parent 10439
src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/blackListCalls.py@21c28b0f9e41
child 10507
d1c6608155ef
permissions
-rw-r--r--

Renamed some modules/variables/settings to get rid (mostly) of inappropriate words.

7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
1 # -*- coding: utf-8 -*-
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
2
10439
21c28b0f9e41 Updated copyright for 2024.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10373
diff changeset
3 # Copyright (c) 2020 - 2024 Detlev Offenbach <detlev@die-offenbachs.de>
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
4 #
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
5
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
6 """
10503
6a37b6ac3928 Renamed some modules/variables/settings to get rid (mostly) of inappropriate words.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
7 Module implementing checks for prohibited methods and functions.
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
8 """
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
9
7613
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
10 #
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
11 # This is a modified version of the one found in the bandit package.
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
12 #
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
13 # Original Copyright 2016 Hewlett-Packard Development Company, L.P.
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
14 #
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
15 # SPDX-License-Identifier: Apache-2.0
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
16 #
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
17
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
18 import ast
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
19 import fnmatch
9325
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
20 import sys
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
21
7622
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7619
diff changeset
22 import AstUtilities
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7619
diff changeset
23
10503
6a37b6ac3928 Renamed some modules/variables/settings to get rid (mostly) of inappropriate words.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
24 _prohibitedCalls = {
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
25 "S301": (
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
26 [
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
27 "pickle.loads",
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
28 "pickle.load",
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
29 "pickle.Unpickler",
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
30 "cPickle.loads",
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
31 "cPickle.load",
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
32 "cPickle.Unpickler",
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
33 "dill.loads",
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
34 "dill.load",
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
35 "dill.Unpickler",
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
36 "shelve.open",
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
37 "shelve.DbfilenameShelf",
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
38 ],
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
39 "M",
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
40 ),
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
41 "S302": (["marshal.load", "marshal.loads"], "M"),
9325
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
42 }
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
43 if sys.version_info >= (3, 9):
10503
6a37b6ac3928 Renamed some modules/variables/settings to get rid (mostly) of inappropriate words.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
44 _prohibitedCalls["S303"] = (
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
45 [
9325
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
46 "Crypto.Hash.MD2.new",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
47 "Crypto.Hash.MD4.new",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
48 "Crypto.Hash.MD5.new",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
49 "Crypto.Hash.SHA.new",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
50 "Cryptodome.Hash.MD2.new",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
51 "Cryptodome.Hash.MD4.new",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
52 "Cryptodome.Hash.MD5.new",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
53 "Cryptodome.Hash.SHA.new",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
54 "cryptography.hazmat.primitives.hashes.MD5",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
55 "cryptography.hazmat.primitives.hashes.SHA1",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
56 ],
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
57 "M",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
58 )
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
59 else:
10503
6a37b6ac3928 Renamed some modules/variables/settings to get rid (mostly) of inappropriate words.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
60 _prohibitedCalls["S303"] = (
9325
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
61 [
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
62 "hashlib.md4",
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
63 "hashlib.md5",
9325
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
64 "hashlib.sha",
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
65 "hashlib.sha1",
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
66 "Crypto.Hash.MD2.new",
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
67 "Crypto.Hash.MD4.new",
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
68 "Crypto.Hash.MD5.new",
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
69 "Crypto.Hash.SHA.new",
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
70 "Cryptodome.Hash.MD2.new",
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
71 "Cryptodome.Hash.MD4.new",
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
72 "Cryptodome.Hash.MD5.new",
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
73 "Cryptodome.Hash.SHA.new",
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
74 "cryptography.hazmat.primitives.hashes.MD5",
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
75 "cryptography.hazmat.primitives.hashes.SHA1",
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
76 ],
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
77 "M",
9325
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
78 )
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
79
10503
6a37b6ac3928 Renamed some modules/variables/settings to get rid (mostly) of inappropriate words.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
80 _prohibitedCalls.update(
9325
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
81 {
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
82 "S304": (
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
83 [
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
84 "Crypto.Cipher.ARC2.new",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
85 "Crypto.Cipher.ARC4.new",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
86 "Crypto.Cipher.Blowfish.new",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
87 "Crypto.Cipher.DES.new",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
88 "Crypto.Cipher.XOR.new",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
89 "Cryptodome.Cipher.ARC2.new",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
90 "Cryptodome.Cipher.ARC4.new",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
91 "Cryptodome.Cipher.Blowfish.new",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
92 "Cryptodome.Cipher.DES.new",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
93 "Cryptodome.Cipher.XOR.new",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
94 "cryptography.hazmat.primitives.ciphers.algorithms.ARC4",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
95 "cryptography.hazmat.primitives.ciphers.algorithms.Blowfish",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
96 "cryptography.hazmat.primitives.ciphers.algorithms.IDEA",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
97 ],
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
98 "H",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
99 ),
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
100 "S305": (["cryptography.hazmat.primitives.ciphers.modes.ECB"], "M"),
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
101 "S306": (["tempfile.mktemp"], "M"),
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
102 "S307": (["eval"], "M"),
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
103 "S308": (["django.utils.safestring.mark_safe"], "M"),
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
104 "S309": (
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
105 [
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
106 "httplib.HTTPSConnection",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
107 "http.client.HTTPSConnection",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
108 "six.moves.http_client.HTTPSConnection",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
109 ],
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
110 "M",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
111 ),
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
112 "S310": (
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
113 [
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
114 "urllib.urlopen",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
115 "urllib.request.urlopen",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
116 "urllib.urlretrieve",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
117 "urllib.request.urlretrieve",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
118 "urllib.URLopener",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
119 "urllib.request.URLopener",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
120 "urllib.FancyURLopener",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
121 "urllib.request.FancyURLopener",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
122 "urllib2.urlopen",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
123 "urllib2.Request",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
124 "six.moves.urllib.request.urlopen",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
125 "six.moves.urllib.request.urlretrieve",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
126 "six.moves.urllib.request.URLopener",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
127 "six.moves.urllib.request.FancyURLopener",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
128 ],
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
129 "",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
130 ),
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
131 "S311": (
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
132 [
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
133 "random.random",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
134 "random.randrange",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
135 "random.randint",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
136 "random.choice",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
137 "random.choices",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
138 "random.uniform",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
139 "random.triangular",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
140 ],
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
141 "L",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
142 ),
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
143 "S312": (["telnetlib.*"], "H"),
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
144 "S313": (
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
145 [
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
146 "xml.etree.cElementTree.parse",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
147 "xml.etree.cElementTree.iterparse",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
148 "xml.etree.cElementTree.fromstring",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
149 "xml.etree.cElementTree.XMLParser",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
150 ],
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
151 "M",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
152 ),
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
153 "S314": (
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
154 [
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
155 "xml.etree.ElementTree.parse",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
156 "xml.etree.ElementTree.iterparse",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
157 "xml.etree.ElementTree.fromstring",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
158 "xml.etree.ElementTree.XMLParser",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
159 ],
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
160 "M",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
161 ),
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
162 "S315": (["xml.sax.expatreader.create_parser"], "M"),
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
163 "S316": (
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
164 ["xml.dom.expatbuilder.parse", "xml.dom.expatbuilder.parseString"],
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
165 "M",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
166 ),
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
167 "S317": (["xml.sax.parse", "xml.sax.parseString", "xml.sax.make_parser"], "M"),
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
168 "S318": (["xml.dom.minidom.parse", "xml.dom.minidom.parseString"], "M"),
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
169 "S319": (["xml.dom.pulldom.parse", "xml.dom.pulldom.parseString"], "M"),
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
170 "S320": (
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
171 [
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
172 "lxml.etree.parse",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
173 "lxml.etree.fromstring",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
174 "lxml.etree.RestrictedElement",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
175 "lxml.etree.GlobalParserTLS",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
176 "lxml.etree.getDefaultParser",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
177 "lxml.etree.check_docinfo",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
178 ],
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
179 "M",
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
180 ),
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
181 "S321": (["ftplib.*"], "H"),
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
182 "S322": (["input"], "H"),
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
183 "S323": (["ssl._create_unverified_context"], "M"),
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
184 "S324": (["os.tempnam", "os.tmpnam"], "M"),
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
185 }
8157eb19aba5 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
186 )
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
187
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
188
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
189 def getChecks():
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
190 """
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
191 Public method to get a dictionary with checks handled by this module.
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
192
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
193 @return dictionary containing checker lists containing checker function and
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
194 list of codes
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
195 @rtype dict
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
196 """
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
197 return {
7613
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
198 "Call": [
10503
6a37b6ac3928 Renamed some modules/variables/settings to get rid (mostly) of inappropriate words.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
199 (checkProhibitedCalls, tuple(_prohibitedCalls)),
7613
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
200 ],
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
201 }
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
202
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
203
10503
6a37b6ac3928 Renamed some modules/variables/settings to get rid (mostly) of inappropriate words.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
204 def checkProhibitedCalls(reportError, context, config): # noqa: U100
7613
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
205 """
10503
6a37b6ac3928 Renamed some modules/variables/settings to get rid (mostly) of inappropriate words.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
206 Function to check for prohibited method calls.
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
207
7613
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
208 @param reportError function to be used to report errors
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
209 @type func
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
210 @param context security context object
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
211 @type SecurityContext
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
212 @param config dictionary with configuration data
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
213 @type dict
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
214 """
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
215 nodeType = context.node.__class__.__name__
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
216
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
217 if nodeType == "Call":
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
218 func = context.node.func
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
219 if isinstance(func, ast.Name) and func.id == "__import__":
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
220 if len(context.node.args):
7622
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7619
diff changeset
221 if AstUtilities.isString(context.node.args[0]):
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
222 name = context.node.args[0].s
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
223 else:
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
224 name = "UNKNOWN"
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
225 else:
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
226 name = "" # handle '__import__()'
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
227 else:
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
228 name = context.callFunctionNameQual
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
229 # In the case the Call is an importlib.import, treat the first
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
230 # argument name as an actual import module name.
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
231 # Will produce None if argument is not a literal or identifier.
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
232 if name in ["importlib.import_module", "importlib.__import__"]:
7629
21fea11a82fa blackListCalls: fixed an porting issue.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7622
diff changeset
233 name = context.callArgs[0]
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
234
10503
6a37b6ac3928 Renamed some modules/variables/settings to get rid (mostly) of inappropriate words.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
235 for code in _prohibitedCalls:
6a37b6ac3928 Renamed some modules/variables/settings to get rid (mostly) of inappropriate words.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
236 qualnames, severity = _prohibitedCalls[code]
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
237 for qualname in qualnames:
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
238 if name and fnmatch.fnmatch(name, qualname):
7613
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
239 reportError(
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
240 context.node.lineno - 1,
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
241 context.node.col_offset,
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
242 code,
7613
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
243 severity,
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
244 "H",
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
245 name,
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
246 )

Mercurial Repository: eric

eric ide

mercurial