Mercurial Repositories > eric / annotate
src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/snmpSecurity.py@c48c615c04a3 (annotated)
src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/snmpSecurity.py
Sat, 26 Apr 2025 12:34:32 +0200
- author
- Detlev Offenbach <detlev@die-offenbachs.de>
- date
- Sat, 26 Apr 2025 12:34:32 +0200
- branch
- eric7
- changeset 11240
- c48c615c04a3
- parent 11147
- dee6e106b4d3
- permissions
- -rw-r--r--
MicroPython
- Added a configuration option to disable the support for the no longer produced Pimoroni Pico Wireless Pack.
| 9325 | 1 | # -*- coding: utf-8 -*- |
| 2 | ||
|
11090
f5f5f5803935
Updated copyright for 2025.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
10683
diff
changeset
|
3 | # Copyright (c) 2022 - 2025 Detlev Offenbach <detlev@die-offenbachs.de> |
| 9325 | 4 | # |
| 5 | ||
| 6 | """ | |
| 7 | Module implementing checks for the insecure use of SNMP. | |
| 8 | """ | |
| 9 | ||
| 10 | # | |
| 11 | # This is a modified version of the one found in the bandit package. | |
| 12 | # | |
| 13 | # Original Copyright (c) 2018 SolarWinds, Inc. | |
| 14 | # | |
| 15 | # SPDX-License-Identifier: Apache-2.0 | |
| 16 | # | |
| 17 | ||
| 18 | ||
| 19 | def getChecks(): | |
| 20 | """ | |
| 21 | Public method to get a dictionary with checks handled by this module. | |
| 22 | ||
| 23 | @return dictionary containing checker lists containing checker function and | |
| 24 | list of codes | |
| 25 | @rtype dict | |
| 26 | """ | |
| 27 | return { | |
| 28 | "Call": [ | |
|
11147
dee6e106b4d3
Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
11090
diff
changeset
|
29 | (checkInsecureVersion, ("S-508",)), |
|
dee6e106b4d3
Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
11090
diff
changeset
|
30 | (checkWeakCryptography, ("S-509",)), |
| 9325 | 31 | ], |
| 32 | } | |
| 33 | ||
| 34 | ||
|
10683
779cda568acb
Changed the source code and the source code documentation to improve the indication of unused method/function arguments.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
10439
diff
changeset
|
35 | def checkInsecureVersion(reportError, context, _config): |
| 9325 | 36 | """ |
| 37 | Function to check for the use of insecure SNMP version like | |
| 38 | v1, v2c. | |
| 39 | ||
| 40 | @param reportError function to be used to report errors | |
| 41 | @type func | |
| 42 | @param context security context object | |
| 43 | @type SecurityContext | |
|
10683
779cda568acb
Changed the source code and the source code documentation to improve the indication of unused method/function arguments.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
10439
diff
changeset
|
44 | @param _config dictionary with configuration data (unused) |
| 9325 | 45 | @type dict |
| 46 | """ | |
| 47 | if context.callFunctionNameQual == "pysnmp.hlapi.CommunityData" and ( | |
| 48 | context.checkCallArgValue("mpModel", 0) | |
| 49 | or context.check_call_arg_value("mpModel", 1) | |
| 50 | ): | |
| 51 | # We called community data. Lets check our args | |
| 52 | reportError( | |
| 53 | context.node.lineno - 1, | |
| 54 | context.node.col_offset, | |
|
11147
dee6e106b4d3
Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
11090
diff
changeset
|
55 | "S-508", |
| 9325 | 56 | "M", |
| 57 | "H", | |
| 58 | ) | |
| 59 | ||
| 60 | ||
|
10683
779cda568acb
Changed the source code and the source code documentation to improve the indication of unused method/function arguments.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
10439
diff
changeset
|
61 | def checkWeakCryptography(reportError, context, _config): |
| 9325 | 62 | """ |
| 63 | Function to check for the use of insecure SNMP cryptography | |
| 64 | (i.e. v3 using noAuthNoPriv). | |
| 65 | ||
| 66 | @param reportError function to be used to report errors | |
| 67 | @type func | |
| 68 | @param context security context object | |
| 69 | @type SecurityContext | |
|
10683
779cda568acb
Changed the source code and the source code documentation to improve the indication of unused method/function arguments.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
10439
diff
changeset
|
70 | @param _config dictionary with configuration data (unused) |
| 9325 | 71 | @type dict |
| 72 | """ | |
| 73 | if ( | |
| 74 | context.callFunctionNameQual == "pysnmp.hlapi.UsmUserData" | |
| 75 | and context.callArgsCount < 3 | |
| 76 | ): | |
|
11147
dee6e106b4d3
Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
11090
diff
changeset
|
77 | reportError(context.node.lineno - 1, context.node.col_offset, "S-509", "M", "H") |
