Mercurial Repositories > eric / annotate

eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/generalFilePermissions.py@cd41c844862f (annotated)

eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/generalFilePermissions.py

Fri, 22 Jan 2021 16:48:43 +0100

author
Detlev Offenbach <detlev@die-offenbachs.de>
date
Fri, 22 Jan 2021 16:48:43 +0100
changeset 7998
cd41c844862f
parent 7923
91e843545d9a
child 8222
5994b80b8760
permissions
-rw-r--r--

Editor
- added functionality to insert docstring templates via the context menu (cursor placed on first line of function definition) or after entering the docstring start string (e.g. """ for Python)

7614
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
1 # -*- coding: utf-8 -*-
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
2
7923
91e843545d9a Updated copyright for 2021.
Detlev Offenbach <detlev@die-offenbachs.de>
parents: 7614
diff changeset
3 # Copyright (c) 2020 - 2021 Detlev Offenbach <detlev@die-offenbachs.de>
7614
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
4 #
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
5
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
6 """
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
7 Module implementing a check for setting too permissive file permissions.
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
8 """
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
9
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
10 #
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
11 # This is a modified version of the one found in the bandit package.
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
12 #
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
13 # Original Copyright 2014 Hewlett-Packard Development Company, L.P.
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
14 #
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
15 # SPDX-License-Identifier: Apache-2.0
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
16 #
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
17
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
18 import stat
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
19
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
20
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
21 def getChecks():
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
22 """
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
23 Public method to get a dictionary with checks handled by this module.
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
24
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
25 @return dictionary containing checker lists containing checker function and
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
26 list of codes
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
27 @rtype dict
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
28 """
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
29 return {
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
30 "Call": [
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
31 (checkFilePermissions, ("S102",)),
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
32 ],
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
33 }
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
34
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
35
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
36 def checkFilePermissions(reportError, context, config):
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
37 """
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
38 Function to check for setting too permissive file permissions.
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
39
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
40 @param reportError function to be used to report errors
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
41 @type func
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
42 @param context security context object
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
43 @type SecurityContext
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
44 @param config dictionary with configuration data
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
45 @type dict
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
46 """
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
47 if 'chmod' in context.callFunctionName:
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
48 if context.callArgsCount == 2:
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
49 mode = context.getCallArgAtPosition(1)
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
50
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
51 if (
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
52 mode is not None and
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
53 isinstance(mode, int) and
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
54 (mode & stat.S_IWOTH or mode & stat.S_IXGRP)
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
55 ):
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
56 # world writable is an HIGH, group executable is a MEDIUM
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
57 if mode & stat.S_IWOTH:
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
58 severity = "H"
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
59 else:
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
60 severity = "M"
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
61
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
62 filename = context.getCallArgAtPosition(0)
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
63 if filename is None:
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
64 filename = 'NOT PARSED'
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
65
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
66 reportError(
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
67 context.node.lineno - 1,
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
68 context.node.col_offset,
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
69 "S103",
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
70 severity,
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
71 "H",
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
72 oct(mode),
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
73 filename
646742c260bd Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff changeset
74 )

Mercurial Repository: eric

eric ide

mercurial