Mercurial Repositories > eric / annotate

eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityChecker.py@9ae7ca51e347 (annotated)

eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityChecker.py

Sun, 26 Jun 2022 17:21:11 +0200

author
Detlev Offenbach <detlev@die-offenbachs.de>
date
Sun, 26 Jun 2022 17:21:11 +0200
branch
eric7
changeset 9179
9ae7ca51e347
parent 8881
54e42bc2437a
permissions
-rw-r--r--

Changed default max. line length of code documentation style checker and code style fixer to 88 characters because this gives better looking code (see 'Black' tool).

7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
1 # -*- coding: utf-8 -*-
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
2
8881
54e42bc2437a Updated copyright for 2022.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 8312
diff changeset
3 # Copyright (c) 2020 - 2022 Detlev Offenbach <detlev@die-offenbachs.de>
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
4 #
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
5
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
6 """
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
7 Module implementing the security checker.
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
8 """
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
9
8198
1c765dc90c21 Code Style Checker: changed code such, that the AST tree is built only once and passed to each checker module.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 8166
diff changeset
10 import copy
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
11 import collections
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
12
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
13 from . import Checks
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
14 from .SecurityNodeVisitor import SecurityNodeVisitor
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
15
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
16
8207
d359172d11be Applied some more code simplifications suggested by the new Simplify checker.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 8198
diff changeset
17 class SecurityChecker:
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
18 """
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
19 Class implementing a checker for security issues.
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
20 """
7613
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
21 Codes = [
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
22 # assert used
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
23 "S101",
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
24
7614
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
25 # exec used
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
26 "S102",
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
27
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
28 # bad file permissions
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
29 "S103",
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
30
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
31 # bind to all interfaces
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
32 "S104",
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
33
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
34 # hardcoded passwords
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
35 "S105", "S106", "S107"
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
36
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
37 # hardcoded tmp directory
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
38 "S108",
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
39
7615
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
40 # try-except
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
41 "S110", "S112",
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
42
7613
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
43 # flask app
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
44 "S201",
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
45
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
46 # insecure function calls (blacklisted)
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
47 "S301", "S302", "S303", "S304", "S305", "S306", "S307", "S308", "S309",
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
48 "S310", "S311", "S312", "S313", "S314", "S315", "S316", "S317", "S318",
7619
ef2b5af23ce7 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7616
diff changeset
49 "S319", "S320", "S321", "S322", "S323", "S324",
ef2b5af23ce7 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7616
diff changeset
50
7614
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
51 # hashlib.new
7619
ef2b5af23ce7 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7616
diff changeset
52 "S331",
7613
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
53
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
54 # insecure imports (blacklisted)
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
55 "S401", "S402", "S403", "S404", "S405", "S406", "S407", "S408", "S409",
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
56 "S410", "S411", "S412", "S413",
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
57
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
58 # insecure certificate usage
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
59 "S501",
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
60
7615
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
61 # insecure SSL/TLS protocol version
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
62 "S502", "S503", "S504",
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
63
7616
01d646569115 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7615
diff changeset
64 # weak cryptographic keys
01d646569115 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7615
diff changeset
65 "S505",
01d646569115 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7615
diff changeset
66
7614
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
67 # YAML load
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
68 "S506",
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
69
7615
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
70 # SSH host key verification
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
71 "S507",
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
72
7614
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
73 # Shell injection
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
74 "S601", "S602", "S603", "S604", "S605", "S606", "S607",
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
75
7615
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
76 # SQL injection
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
77 "S608",
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
78
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
79 # Wildcard injection
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
80 "S609",
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
81
7613
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
82 # Django SQL injection
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
83 "S610", "S611",
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
84
7615
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
85 # Jinja2 templates
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
86 "S701",
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
87
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
88 # Mako templates
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
89 "S702",
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
90
7613
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
91 # Django XSS vulnerability
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
92 "S703",
7615
ca2949b1a29a Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
93
7622
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7619
diff changeset
94 # hardcoded AWS passwords
384e2aa5c073 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7619
diff changeset
95 "S801", "S802",
7613
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
96 ]
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
97
8198
1c765dc90c21 Code Style Checker: changed code such, that the AST tree is built only once and passed to each checker module.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 8166
diff changeset
98 def __init__(self, source, filename, tree, select, ignore, expected,
1c765dc90c21 Code Style Checker: changed code such, that the AST tree is built only once and passed to each checker module.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 8166
diff changeset
99 repeat, args):
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
100 """
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
101 Constructor
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
102
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
103 @param source source code to be checked
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
104 @type list of str
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
105 @param filename name of the source file
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
106 @type str
8198
1c765dc90c21 Code Style Checker: changed code such, that the AST tree is built only once and passed to each checker module.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 8166
diff changeset
107 @param tree AST tree of the source code
1c765dc90c21 Code Style Checker: changed code such, that the AST tree is built only once and passed to each checker module.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 8166
diff changeset
108 @type ast.Module
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
109 @param select list of selected codes
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
110 @type list of str
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
111 @param ignore list of codes to be ignored
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
112 @type list of str
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
113 @param expected list of expected codes
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
114 @type list of str
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
115 @param repeat flag indicating to report each occurrence of a code
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
116 @type bool
7614
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7613
diff changeset
117 @param args dictionary of arguments for the security checks
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
118 @type dict
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
119 """
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
120 self.__select = tuple(select)
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
121 self.__ignore = ('',) if select else tuple(ignore)
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
122 self.__expected = expected[:]
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
123 self.__repeat = repeat
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
124 self.__filename = filename
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
125 self.__source = source[:]
8198
1c765dc90c21 Code Style Checker: changed code such, that the AST tree is built only once and passed to each checker module.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 8166
diff changeset
126 self.__tree = copy.deepcopy(tree)
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
127 self.__args = args
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
128
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
129 # statistics counters
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
130 self.counters = {}
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
131
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
132 # collection of detected errors
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
133 self.errors = []
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
134
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
135 checkersWithCodes = Checks.generateCheckersDict()
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
136
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
137 self.__checkers = collections.defaultdict(list)
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
138 for checkType, checkersList in checkersWithCodes.items():
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
139 for checker, codes in checkersList:
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
140 if any(not (code and self.__ignoreCode(code))
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
141 for code in codes):
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
142 self.__checkers[checkType].append(checker)
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
143
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
144 def __ignoreCode(self, code):
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
145 """
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
146 Private method to check if the message code should be ignored.
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
147
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
148 @param code message code to check for
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
149 @type str
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
150 @return flag indicating to ignore the given code
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
151 @rtype bool
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
152 """
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
153 return (code.startswith(self.__ignore) and
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
154 not code.startswith(self.__select))
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
155
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
156 def reportError(self, lineNumber, offset, code, severity, confidence,
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
157 *args):
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
158 """
7613
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
159 Public method to record an issue.
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
160
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
161 @param lineNumber line number of the issue
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
162 @type int
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
163 @param offset position within line of the issue
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
164 @type int
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
165 @param code message code
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
166 @type str
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
167 @param severity severity code (H = high, M = medium, L = low,
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
168 U = undefined)
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
169 @type str
7613
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
170 @param confidence confidence code (H = high, M = medium, L = low,
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
171 U = undefined)
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
172 @type str
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
173 @param args arguments for the message
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
174 @type list
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
175 """
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
176 if self.__ignoreCode(code):
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
177 return
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
178
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
179 if code in self.counters:
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
180 self.counters[code] += 1
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
181 else:
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
182 self.counters[code] = 1
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
183
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
184 # Don't care about expected codes
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
185 if code in self.__expected:
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
186 return
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
187
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
188 if code and (self.counters[code] == 1 or self.__repeat):
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
189 # record the issue with one based line number
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
190 self.errors.append({
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
191 "file": self.__filename,
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
192 "line": lineNumber + 1,
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
193 "offset": offset,
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
194 "code": code,
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
195 "args": args,
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
196 "severity": severity,
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
197 "confidence": confidence,
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
198 })
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
199
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
200 def getConfig(self):
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
201 """
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
202 Public method to get the configuration dictionary.
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
203
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
204 @return dictionary containing the configuration
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
205 @rtype dict
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
206 """
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
207 return self.__args
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
208
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
209 def run(self):
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
210 """
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
211 Public method to check the given source against security related
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
212 conditions.
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
213 """
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
214 if not self.__filename:
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
215 # don't do anything, if essential data is missing
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
216 return
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
217
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
218 if not self.__checkers:
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
219 # don't do anything, if no codes were selected
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
220 return
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
221
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
222 securityNodeVisitor = SecurityNodeVisitor(
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
223 self, self.__checkers, self.__filename)
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
224 securityNodeVisitor.generic_visit(self.__tree)

Mercurial Repository: eric

eric ide

mercurial