10996
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
1
|
# -*- coding: utf-8 -*- |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
2
|
|
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
3
|
# Copyright (c) 2024 Detlev Offenbach <detlev@die-offenbachs.de> |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
4
|
# |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
5
|
|
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
6
|
""" |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
7
|
Module implementing checks for the presence of unicode bidirectional control |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
8
|
characters in Python source files. |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
9
|
""" |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
10
|
|
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
11
|
# |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
12
|
# This is a modified version of the one found in the bandit package. |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
13
|
# |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
14
|
# Original Copyright (c) 2024 |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
15
|
# |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
16
|
# SPDX-License-Identifier: Apache-2.0 |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
17
|
# |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
18
|
|
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
19
|
from tokenize import detect_encoding |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
20
|
|
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
21
|
|
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
22
|
def getChecks(): |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
23
|
""" |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
24
|
Public method to get a dictionary with checks handled by this module. |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
25
|
|
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
26
|
@return dictionary containing checker lists containing checker function and |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
27
|
list of codes |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
28
|
@rtype dict |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
29
|
""" |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
30
|
return { |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
31
|
"File": [ |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
32
|
(checkTrojanSource, ("S613",)), |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
33
|
], |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
34
|
} |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
35
|
|
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
36
|
|
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
37
|
BIDI_CHARACTERS = ( |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
38
|
"\u202A", |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
39
|
"\u202B", |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
40
|
"\u202C", |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
41
|
"\u202D", |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
42
|
"\u202E", |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
43
|
"\u2066", |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
44
|
"\u2067", |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
45
|
"\u2068", |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
46
|
"\u2069", |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
47
|
"\u200F", |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
48
|
) |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
49
|
|
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
50
|
|
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
51
|
def checkTrojanSource(reportError, context, _config): |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
52
|
""" |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
53
|
Function to check for the presence of unicode bidirectional control |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
54
|
characters in Python source files. |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
55
|
|
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
56
|
Those characters can be embedded in comments and strings to reorder |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
57
|
source code characters in a way that changes its logic. |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
58
|
|
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
59
|
@param reportError function to be used to report errors |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
60
|
@type func |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
61
|
@param context security context object |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
62
|
@type SecurityContext |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
63
|
@param _config dictionary with configuration data (unused) |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
64
|
@type dict |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
65
|
""" |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
66
|
with open(context.filename, "rb") as srcFile: |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
67
|
encoding, _ = detect_encoding(srcFile.readline) |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
68
|
with open(context.filename, encoding=encoding) as srcFile: |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
69
|
for lineno, line in enumerate(srcFile.readlines(), start=0): |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
70
|
for char in BIDI_CHARACTERS: |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
71
|
try: |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
72
|
colOffset = line.index(char) |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
73
|
except ValueError: |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
74
|
continue |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
75
|
reportError( |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
76
|
lineno, |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
77
|
colOffset, |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
78
|
"S613", |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
79
|
"H", |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
80
|
"M", |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
81
|
repr(char), |
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
82
|
) |
