Mercurial Repositories > eric / annotate
eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityDefaults.py@cd41c844862f (annotated)
eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityDefaults.py
Fri, 22 Jan 2021 16:48:43 +0100
- author
- Detlev Offenbach <detlev@die-offenbachs.de>
- date
- Fri, 22 Jan 2021 16:48:43 +0100
- changeset 7998
- cd41c844862f
- parent 7923
- 91e843545d9a
- permissions
- -rw-r--r--
Editor
- added functionality to insert docstring templates via the context menu (cursor placed on first line of function definition) or after entering the docstring start string (e.g. """ for Python)
|
7614
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
1 | # -*- coding: utf-8 -*- |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
2 | |
|
7923
91e843545d9a
Updated copyright for 2021.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7628
diff
changeset
|
3 | # Copyright (c) 2020 - 2021 Detlev Offenbach <detlev@die-offenbachs.de> |
|
7614
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
4 | # |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
5 | |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
6 | """ |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
7 | Module implementing the default values for some check modules. |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
8 | """ |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
9 | |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
10 | SecurityDefaults = { |
|
7615
ca2949b1a29a
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7614
diff
changeset
|
11 | # generalHardcodedTmp.py |
|
7614
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
12 | "hardcoded_tmp_directories": ["/tmp", "/var/tmp", "/dev/shm", "~/tmp"], |
|
7628
f904d0eef264
Checked the reported security related issue reports generated by the new security checker.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7616
diff
changeset
|
13 | # secok |
|
7615
ca2949b1a29a
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7614
diff
changeset
|
14 | |
|
ca2949b1a29a
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7614
diff
changeset
|
15 | # insecureHashlibNew.py |
|
7614
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
16 | "insecure_hashes": ['md4', 'md5', 'sha', 'sha1'], |
|
7615
ca2949b1a29a
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7614
diff
changeset
|
17 | |
|
ca2949b1a29a
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7614
diff
changeset
|
18 | # injectionShell.py |
|
ca2949b1a29a
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7614
diff
changeset
|
19 | # injectionWildcard.py |
|
7614
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
20 | "shell_injection_subprocess": [ |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
21 | 'subprocess.Popen', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
22 | 'subprocess.call', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
23 | 'subprocess.check_call', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
24 | 'subprocess.check_output', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
25 | 'subprocess.run'], |
|
7615
ca2949b1a29a
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7614
diff
changeset
|
26 | |
|
ca2949b1a29a
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7614
diff
changeset
|
27 | # injectionShell.py |
|
ca2949b1a29a
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7614
diff
changeset
|
28 | # injectionWildcard.py |
|
7614
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
29 | "shell_injection_shell": [ |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
30 | 'os.system', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
31 | 'os.popen', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
32 | 'os.popen2', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
33 | 'os.popen3', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
34 | 'os.popen4', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
35 | 'popen2.popen2', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
36 | 'popen2.popen3', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
37 | 'popen2.popen4', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
38 | 'popen2.Popen3', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
39 | 'popen2.Popen4', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
40 | 'commands.getoutput', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
41 | 'commands.getstatusoutput'], |
|
7615
ca2949b1a29a
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7614
diff
changeset
|
42 | |
|
ca2949b1a29a
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7614
diff
changeset
|
43 | # injectionShell.py |
|
7614
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
44 | "shell_injection_noshell": [ |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
45 | 'os.execl', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
46 | 'os.execle', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
47 | 'os.execlp', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
48 | 'os.execlpe', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
49 | 'os.execv', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
50 | 'os.execve', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
51 | 'os.execvp', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
52 | 'os.execvpe', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
53 | 'os.spawnl', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
54 | 'os.spawnle', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
55 | 'os.spawnlp', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
56 | 'os.spawnlpe', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
57 | 'os.spawnv', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
58 | 'os.spawnve', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
59 | 'os.spawnvp', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
60 | 'os.spawnvpe', |
|
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
61 | 'os.startfile'], |
|
7615
ca2949b1a29a
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7614
diff
changeset
|
62 | |
|
ca2949b1a29a
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7614
diff
changeset
|
63 | # insecureSslTls.py |
|
ca2949b1a29a
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7614
diff
changeset
|
64 | "insecure_ssl_protocol_versions": [ |
|
ca2949b1a29a
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7614
diff
changeset
|
65 | 'PROTOCOL_SSLv2', |
|
ca2949b1a29a
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7614
diff
changeset
|
66 | 'SSLv2_METHOD', |
|
ca2949b1a29a
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7614
diff
changeset
|
67 | 'SSLv23_METHOD', |
|
ca2949b1a29a
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7614
diff
changeset
|
68 | 'PROTOCOL_SSLv3', |
|
ca2949b1a29a
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7614
diff
changeset
|
69 | 'PROTOCOL_TLSv1', |
|
ca2949b1a29a
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7614
diff
changeset
|
70 | 'SSLv3_METHOD', |
|
ca2949b1a29a
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7614
diff
changeset
|
71 | 'TLSv1_METHOD'], |
|
ca2949b1a29a
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7614
diff
changeset
|
72 | |
|
ca2949b1a29a
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7614
diff
changeset
|
73 | # tryExcept.py |
|
7616
01d646569115
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7615
diff
changeset
|
74 | "check_typed_exception": False, |
|
01d646569115
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7615
diff
changeset
|
75 | |
|
01d646569115
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7615
diff
changeset
|
76 | # weakCryptographicKey.py |
|
01d646569115
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7615
diff
changeset
|
77 | "weak_key_size_dsa_high": 1024, |
|
01d646569115
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7615
diff
changeset
|
78 | "weak_key_size_dsa_medium": 2048, |
|
01d646569115
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7615
diff
changeset
|
79 | "weak_key_size_rsa_high": 1024, |
|
01d646569115
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7615
diff
changeset
|
80 | "weak_key_size_rsa_medium": 2048, |
|
01d646569115
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7615
diff
changeset
|
81 | "weak_key_size_ec_high": 160, |
|
01d646569115
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7615
diff
changeset
|
82 | "weak_key_size_ec_medium": 224, |
|
01d646569115
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
7615
diff
changeset
|
83 | |
|
7614
646742c260bd
Code Style Checker: continued to implement checker for security related issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
diff
changeset
|
84 | } |
