src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/prohibitedCalls.py

author: Detlev Offenbach <detlev@die-offenbachs.de>
date: Mon, 21 Oct 2024 19:31:11 +0200
branch: eric7
changeset 10996: a3dc181d14e1
parent 10683: 779cda568acb
child 11090: f5f5f5803935
permissions: -rw-r--r--

Code Style Checker
- Updated the security checkers to `bandit` v1.7.10.

# -*- coding: utf-8 -*-

# Copyright (c) 2020 - 2024 Detlev Offenbach <detlev@die-offenbachs.de>
#

"""
Module implementing checks for prohibited methods and functions.
"""

#
# This is a modified version of the one found in the bandit package.
#
# Original Copyright 2016 Hewlett-Packard Development Company, L.P.
#
# SPDX-License-Identifier: Apache-2.0
#

import ast
import fnmatch
import sys

import AstUtilities

# Maps a checker code to a tuple of (list of fully qualified call names that
# trigger the code, severity letter: "H" high, "M" medium, "L" low).
_prohibitedCalls = {
    "S301": (
        [
            "pickle.loads",
            "pickle.load",
            "pickle.Unpickler",
            "cPickle.loads",
            "cPickle.load",
            "cPickle.Unpickler",
            "dill.loads",
            "dill.load",
            "dill.Unpickler",
            "shelve.open",
            "shelve.DbfilenameShelf",
            "jsonpickle.decode",
            "jsonpickle.unpickler.decode",
            "jsonpickle.unpickler.Unpickler",
            "pandas.read_pickle",
        ],
        "M",
    ),
    "S302": (["marshal.load", "marshal.loads"], "M"),
}
# S303 (weak hashes): from Python 3.9 on the hashlib functions are no longer
# listed here, because hashlib accepts 'usedforsecurity' and is checked separately.
if sys.version_info >= (3, 9):
    _prohibitedCalls["S303"] = (
        [
            "Crypto.Hash.MD2.new",
            "Crypto.Hash.MD4.new",
            "Crypto.Hash.MD5.new",
            "Crypto.Hash.SHA.new",
            "Cryptodome.Hash.MD2.new",
            "Cryptodome.Hash.MD4.new",
            "Cryptodome.Hash.MD5.new",
            "Cryptodome.Hash.SHA.new",
            "cryptography.hazmat.primitives.hashes.MD5",
            "cryptography.hazmat.primitives.hashes.SHA1",
        ],
        "M",
    )
else:
    _prohibitedCalls["S303"] = (
        [
            "hashlib.md4",
            "hashlib.md5",
            "hashlib.sha",
            "hashlib.sha1",
            "Crypto.Hash.MD2.new",
            "Crypto.Hash.MD4.new",
            "Crypto.Hash.MD5.new",
            "Crypto.Hash.SHA.new",
            "Cryptodome.Hash.MD2.new",
            "Cryptodome.Hash.MD4.new",
            "Cryptodome.Hash.MD5.new",
            "Cryptodome.Hash.SHA.new",
            "cryptography.hazmat.primitives.hashes.MD5",
            "cryptography.hazmat.primitives.hashes.SHA1",
        ],
        "M",
    )

_prohibitedCalls.update(
    {
        "S304": (
            [
                "Crypto.Cipher.ARC2.new",
                "Crypto.Cipher.ARC4.new",
                "Crypto.Cipher.Blowfish.new",
                "Crypto.Cipher.DES.new",
                "Crypto.Cipher.XOR.new",
                "Cryptodome.Cipher.ARC2.new",
                "Cryptodome.Cipher.ARC4.new",
                "Cryptodome.Cipher.Blowfish.new",
                "Cryptodome.Cipher.DES.new",
                "Cryptodome.Cipher.XOR.new",
                "cryptography.hazmat.primitives.ciphers.algorithms.ARC4",
                "cryptography.hazmat.primitives.ciphers.algorithms.Blowfish",
                "cryptography.hazmat.primitives.ciphers.algorithms.IDEA",
            ],
            "H",
        ),
        "S305": (["cryptography.hazmat.primitives.ciphers.modes.ECB"], "M"),
        "S306": (["tempfile.mktemp"], "M"),
        "S307": (["eval"], "M"),
        "S308": (["django.utils.safestring.mark_safe"], "M"),
        "S310": (
            [
                "urllib.request.urlopen",
                "urllib.request.urlretrieve",
                "urllib.request.URLopener",
                "urllib.request.FancyURLopener",
                "six.moves.urllib.request.urlopen",
                "six.moves.urllib.request.urlretrieve",
                "six.moves.urllib.request.URLopener",
                "six.moves.urllib.request.FancyURLopener",
            ],
            "",
        ),
        "S311": (
            [
                "random.Random",
                "random.random",
                "random.randrange",
                "random.randint",
                "random.choice",
                "random.choices",
                "random.uniform",
                "random.triangular",
                "random.randbytes",
            ],
            "L",
        ),
        "S312": (["telnetlib.Telnet"], "H"),
        "S313": (
            [
                "xml.etree.cElementTree.parse",
                "xml.etree.cElementTree.iterparse",
                "xml.etree.cElementTree.fromstring",
                "xml.etree.cElementTree.XMLParser",
            ],
            "M",
        ),
        "S314": (
            [
                "xml.etree.ElementTree.parse",
                "xml.etree.ElementTree.iterparse",
                "xml.etree.ElementTree.fromstring",
                "xml.etree.ElementTree.XMLParser",
            ],
            "M",
        ),
        "S315": (["xml.sax.expatreader.create_parser"], "M"),
        "S316": (
            ["xml.dom.expatbuilder.parse", "xml.dom.expatbuilder.parseString"],
            "M",
        ),
        "S317": (["xml.sax.parse", "xml.sax.parseString", "xml.sax.make_parser"], "M"),
        "S318": (["xml.dom.minidom.parse", "xml.dom.minidom.parseString"], "M"),
        "S319": (["xml.dom.pulldom.parse", "xml.dom.pulldom.parseString"], "M"),
        "S320": (
            [
                "lxml.etree.parse",
                "lxml.etree.fromstring",
                "lxml.etree.RestrictedElement",
                "lxml.etree.GlobalParserTLS",
                "lxml.etree.getDefaultParser",
                "lxml.etree.check_docinfo",
            ],
            "M",
        ),
        "S321": (["ftplib.FTP"], "H"),
        "S322": (["input"], "H"),
        "S323": (["ssl._create_unverified_context"], "M"),
    }
)


def getChecks():
    """
    Public method to get a dictionary with checks handled by this module.

    @return dictionary containing checker lists containing checker function and
        list of codes
    @rtype dict
    """
    return {
        "Call": [
            (checkProhibitedCalls, tuple(_prohibitedCalls)),
        ],
    }


def checkProhibitedCalls(reportError, context, _config):
    """
    Function to check for prohibited method calls.

    @param reportError function to be used to report errors
    @type func
    @param context security context object
    @type SecurityContext
    @param _config dictionary with configuration data (unused)
    @type dict
    """
    nodeType = context.node.__class__.__name__

    if nodeType == "Call":
        func = context.node.func
        # A dynamic import is treated like a call to the module it names, so that
        # e.g. __import__("pickle") is checked under the same table.
        if isinstance(func, ast.Name) and func.id == "__import__":
            if len(context.node.args):
                if AstUtilities.isString(context.node.args[0]):
                    name = context.node.args[0].s
                else:
                    name = "UNKNOWN"
            else:
                name = ""  # handle '__import__()'
        else:
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
219 name = context.callFunctionNameQual
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
220 # In the case the Call is an importlib.import, treat the first
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
221 # argument name as an actual import module name.
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
222 # Will produce None if argument is not a literal or identifier.
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
223 if name in ["importlib.import_module", "importlib.__import__"]:
7629
21fea11a82fa blackListCalls: fixed an porting issue.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7622
diff changeset
224 name = context.callArgs[0]
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
225
10503
6a37b6ac3928 Renamed some modules/variables/settings to get rid (mostly) of inappropriate words.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
226 for code in _prohibitedCalls:
6a37b6ac3928 Renamed some modules/variables/settings to get rid (mostly) of inappropriate words.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 10439
diff changeset
227 qualnames, severity = _prohibitedCalls[code]
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
228 for qualname in qualnames:
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
229 if name and fnmatch.fnmatch(name, qualname):
7613
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
230 reportError(
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
231 context.node.lineno - 1,
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
232 context.node.col_offset,
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
233 code,
7613
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
234 severity,
382f89c11e27 Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7612
diff changeset
235 "H",
9221
bf71ee032bb4 Reformatted the source code using the 'Black' utility.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 9209
diff changeset
236 name,
7612
ca1ce1e0fcff Code Style Checker: started to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
237 )
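An added, stand-alone example (not eric7 or bandit code) that re-creates the name resolution and fnmatch matching of the checker above and runs it over constructed input. The PROHIBITED_CALLS table and the SAMPLE source are constructed for illustration only, and the import-alias resolution that the real context.callFunctionNameQual performs is omitted, so only literal dotted names are resolved.

```python
import ast
import fnmatch

# Constructed table (code -> (fnmatch patterns, severity)); illustration only.
PROHIBITED_CALLS = {
    "EX1": (["telnetlib", "telnetlib.*"], "H"),
    "EX2": (["pickle", "pickle.load*"], "M"),
}

# Constructed input exercising each name-resolution path of call_name().
SAMPLE = """import telnetlib, pickle, importlib
telnetlib.Telnet("host")
__import__("telnetlib")
importlib.import_module("pickle")
pickle.loads(blob)
importlib.import_module(mod)
"""

def dotted_name(node):
    """Return the dotted name of a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else None

def call_name(call):
    """Name a Call is checked under, with the dynamic-import special cases."""
    arg = call.args[0] if call.args else None
    first = arg.value if isinstance(arg, ast.Constant) and isinstance(arg.value, str) else None
    if isinstance(call.func, ast.Name) and call.func.id == "__import__":
        if arg is None:
            return ""  # bare __import__()
        return first if first is not None else "UNKNOWN"
    name = dotted_name(call.func)
    if name in ("importlib.import_module", "importlib.__import__"):
        return first  # the module actually imported; None if not a literal
    return name

def find_prohibited_calls(source, table=PROHIBITED_CALLS):
    """Return (lineno, code, severity, name) for each call matching the table."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = call_name(node)
            for code, (patterns, severity) in table.items():
                if name and any(fnmatch.fnmatch(name, p) for p in patterns):
                    findings.append((node.lineno, code, severity, name))
    return sorted(findings)
```

Note that an empty name (bare `__import__()`) and a None name (non-literal module argument) are both skipped by the `if name and ...` guard, exactly as in the checker above.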