Mercurial Repositories > eric / annotate

src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityChecker.py@73d80859079c (annotated)

src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityChecker.py

Thu, 27 Feb 2025 14:42:39 +0100

author
Detlev Offenbach <detlev@die-offenbachs.de>
date
Thu, 27 Feb 2025 14:42:39 +0100
branch
eric7
changeset 11150
73d80859079c
parent 11147
dee6e106b4d3
permissions
-rw-r--r--

Code Style Checkers
- Refactored the various code style checkers for better maintainability.

7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
1 # -*- coding: utf-8 -*-
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
2
11090
f5f5f5803935 Updated copyright for 2025.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10996
diff changeset
3 # Copyright (c) 2020 - 2025 Detlev Offenbach <detlev@die-offenbachs.de>
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
4 #
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
5
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
6 """
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
7 Module implementing the security checker.
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
8 """
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
9
9473
3f23dbf37dbe Resorted the import statements using isort.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9221
diff changeset
10 import collections
11150
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
11
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
12 from CodeStyleTopicChecker import CodeStyleTopicChecker
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
13
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
14 from . import Checks
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
15 from .SecurityNodeVisitor import SecurityNodeVisitor
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
16
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
17
11150
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
18 class SecurityChecker(CodeStyleTopicChecker):
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
19 """
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
20 Class implementing a checker for security issues.
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
21 """
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
22
7613
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
23 Codes = [
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
24 # assert used
11147
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
25 "S-101",
7614
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
26 # exec used
11147
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
27 "S-102",
7614
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
28 # bad file permissions
11147
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
29 "S-103",
7614
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
30 # bind to all interfaces
11147
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
31 "S-104",
7614
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
32 # hardcoded passwords
11147
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
33 "S-105",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
34 "S-106",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
35 "S-107"
7614
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
36 # hardcoded tmp directory
11147
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
37 "S-108",
7615
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
38 # try-except
11147
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
39 "S-110",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
40 "S-112",
7613
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
41 # flask app
11147
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
42 "S-201",
10503
6a37b6ac3928 Renamed some modules/variables/settings to get rid (mostly) of inappropriate words.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
43 # insecure function calls (prohibited)
11147
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
44 "S-301",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
45 "S-302",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
46 "S-303",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
47 "S-304",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
48 "S-305",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
49 "S-306",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
50 "S-307",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
51 "S-308",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
52 "S-310",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
53 "S-311",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
54 "S-312",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
55 "S-313",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
56 "S-314",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
57 "S-315",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
58 "S-316",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
59 "S-317",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
60 "S-318",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
61 "S-319",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
62 "S-321",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
63 "S-323",
11136
437db2f032fd Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11090
diff changeset
64 # hashlib functions
11147
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
65 "S-331",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
66 "S-332"
10503
6a37b6ac3928 Renamed some modules/variables/settings to get rid (mostly) of inappropriate words.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
67 # insecure imports (prohibited)
11147
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
68 "S-401",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
69 "S-402",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
70 "S-403",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
71 "S-404",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
72 "S-405",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
73 "S-406",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
74 "S-407",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
75 "S-408",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
76 "S-409",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
77 "S-411",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
78 "S-412",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
79 "S-413",
7613
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
80 # insecure certificate usage
11147
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
81 "S-501",
7615
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
82 # insecure SSL/TLS protocol version
11147
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
83 "S-502",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
84 "S-503",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
85 "S-504",
7616
01d646569115 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7615
diff changeset
86 # weak cryptographic keys
11147
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
87 "S-505",
7614
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
88 # YAML load
11147
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
89 "S-506",
7615
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
90 # SSH host key verification
11147
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
91 "S-507",
7614
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
92 # Shell injection
11147
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
93 "S-601",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
94 "S-602",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
95 "S-603",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
96 "S-604",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
97 "S-605",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
98 "S-606",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
99 "S-607",
7615
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
100 # SQL injection
11147
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
101 "S-608",
7615
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
102 # Wildcard injection
11147
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
103 "S-609",
7613
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
104 # Django SQL injection
11147
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
105 "S-610",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
106 "S-611",
10507
d1c6608155ef Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10503
diff changeset
107 # insecure logging.config.listen()
11147
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
108 "S-612",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
109 "S-613",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
110 "S-614",
7615
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
111 # Jinja2 templates
11147
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
112 "S-701",
7615
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
113 # Mako templates
11147
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
114 "S-702",
7613
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
115 # Django XSS vulnerability
11147
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
116 "S-703",
7622
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7619
diff changeset
117 # hardcoded AWS passwords
11147
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
118 "S-801",
dee6e106b4d3 Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11145
diff changeset
119 "S-802",
7613
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
120 ]
11150
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
121 Category = "S"
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
122
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
123 def __init__(self, source, filename, tree, select, ignore, expected, repeat, args):
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
124 """
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
125 Constructor
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
126
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
127 @param source source code to be checked
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
128 @type list of str
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
129 @param filename name of the source file
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
130 @type str
8198
1c765dc90c21 Code Style Checker: changed code such, that the AST tree is built only once and passed to each checker module.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 8166
diff changeset
131 @param tree AST tree of the source code
1c765dc90c21 Code Style Checker: changed code such, that the AST tree is built only once and passed to each checker module.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 8166
diff changeset
132 @type ast.Module
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
133 @param select list of selected codes
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
134 @type list of str
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
135 @param ignore list of codes to be ignored
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
136 @type list of str
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
137 @param expected list of expected codes
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
138 @type list of str
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
139 @param repeat flag indicating to report each occurrence of a code
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
140 @type bool
7614
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
141 @param args dictionary of arguments for the security checks
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
142 @type dict
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
143 """
11150
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
144 super().__init__(
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
145 SecurityChecker.Category,
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
146 source,
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
147 filename,
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
148 tree,
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
149 select,
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
150 ignore,
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
151 expected,
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
152 repeat,
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
153 args,
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
154 )
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
155
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
156 checkersWithCodes = Checks.generateCheckersDict()
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
157
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
158 self.__checkers = collections.defaultdict(list)
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
159 for checkType, checkersList in checkersWithCodes.items():
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
160 for checker, codes in checkersList:
11150
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
161 if any(
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
162 not (msgCode and self._ignoreCode(msgCode)) for msgCode in codes
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
163 ):
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
164 self.__checkers[checkType].append(checker)
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
165
11150
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
166 def addError(self, lineNumber, offset, msgCode, severity, confidence, *args):
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
167 """
7613
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
168 Public method to record an issue.
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
169
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
170 @param lineNumber line number of the issue
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
171 @type int
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
172 @param offset position within line of the issue
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
173 @type int
11150
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
174 @param msgCode message code
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
175 @type str
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
176 @param severity severity code (H = high, M = medium, L = low,
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
177 U = undefined)
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
178 @type str
7613
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
179 @param confidence confidence code (H = high, M = medium, L = low,
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
180 U = undefined)
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
181 @type str
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
182 @param args arguments for the message
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
183 @type list
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
184 """
11150
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
185 if self._ignoreCode(msgCode):
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
186 return
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
187
11150
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
188 if msgCode in self.counters:
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
189 self.counters[msgCode] += 1
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
190 else:
11150
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
191 self.counters[msgCode] = 1
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
192
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
193 # Don't care about expected codes
11150
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
194 if msgCode in self.expected:
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
195 return
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
196
11150
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
197 if msgCode and (self.counters[msgCode] == 1 or self.repeat):
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
198 # record the issue with one based line number
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
199 self.errors.append(
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
200 {
11150
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
201 "file": self.filename,
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
202 "line": lineNumber + 1,
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
203 "offset": offset,
11150
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
204 "code": msgCode,
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
205 "args": args,
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
206 "severity": severity,
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
207 "confidence": confidence,
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
208 }
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
209 )
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
210
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
211 def getConfig(self):
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
212 """
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
213 Public method to get the configuration dictionary.
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
214
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
215 @return dictionary containing the configuration
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
216 @rtype dict
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
217 """
11150
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
218 return self.args
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
219
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
220 def run(self):
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
221 """
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
222 Public method to check the given source against security related
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
223 conditions.
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
224 """
11150
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
225 if not self.filename:
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
226 # don't do anything, if essential data is missing
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
227 return
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
228
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
229 if not self.__checkers:
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
230 # don't do anything, if no codes were selected
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
231 return
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
232
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
233 securityNodeVisitor = SecurityNodeVisitor(
11150
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
234 self, self.__checkers, self.filename, self.source
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
235 )
11150
73d80859079c Code Style Checkers
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 11147
diff changeset
236 securityNodeVisitor.generic_visit(self.tree)
10996
a3dc181d14e1 Code Style Checker
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10507
diff changeset
237 securityNodeVisitor.checkFile()

Mercurial Repository: eric

eric ide

mercurial