Mercurial Repositories > eric / annotate
src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/trojanSource.py@c48c615c04a3 (annotated)
src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/trojanSource.py
Sat, 26 Apr 2025 12:34:32 +0200
- author
- Detlev Offenbach <detlev@die-offenbachs.de>
- date
- Sat, 26 Apr 2025 12:34:32 +0200
- branch
- eric7
- changeset 11240
- c48c615c04a3
- parent 11147
- dee6e106b4d3
- permissions
- -rw-r--r--
MicroPython
- Added a configuration option to disable the support for the no longer produced Pimoroni Pico Wireless Pack.
| 10996 | 1 | # -*- coding: utf-8 -*- |
| 2 | ||
|
11090
f5f5f5803935
Updated copyright for 2025.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
10996
diff
changeset
|
3 | # Copyright (c) 2024 - 2025 Detlev Offenbach <detlev@die-offenbachs.de> |
| 10996 | 4 | # |
| 5 | ||
| 6 | """ | |
| 7 | Module implementing checks for the presence of unicode bidirectional control | |
| 8 | characters in Python source files. | |
| 9 | """ | |
| 10 | ||
| 11 | # | |
| 12 | # This is a modified version of the one found in the bandit package. | |
| 13 | # | |
| 14 | # Original Copyright (c) 2024 | |
| 15 | # | |
| 16 | # SPDX-License-Identifier: Apache-2.0 | |
| 17 | # | |
| 18 | ||
| 19 | from tokenize import detect_encoding | |
| 20 | ||
| 21 | ||
| 22 | def getChecks(): | |
| 23 | """ | |
| 24 | Public method to get a dictionary with checks handled by this module. | |
| 25 | ||
| 26 | @return dictionary containing checker lists containing checker function and | |
| 27 | list of codes | |
| 28 | @rtype dict | |
| 29 | """ | |
| 30 | return { | |
| 31 | "File": [ | |
|
11147
dee6e106b4d3
Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
11124
diff
changeset
|
32 | (checkTrojanSource, ("S-613",)), |
| 10996 | 33 | ], |
| 34 | } | |
| 35 | ||
| 36 | ||
| 37 | BIDI_CHARACTERS = ( | |
|
11124
f475e4e210d2
Corrected some code formatting issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
11090
diff
changeset
|
38 | "\u202a", |
|
f475e4e210d2
Corrected some code formatting issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
11090
diff
changeset
|
39 | "\u202b", |
|
f475e4e210d2
Corrected some code formatting issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
11090
diff
changeset
|
40 | "\u202c", |
|
f475e4e210d2
Corrected some code formatting issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
11090
diff
changeset
|
41 | "\u202d", |
|
f475e4e210d2
Corrected some code formatting issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
11090
diff
changeset
|
42 | "\u202e", |
| 10996 | 43 | "\u2066", |
| 44 | "\u2067", | |
| 45 | "\u2068", | |
| 46 | "\u2069", | |
|
11124
f475e4e210d2
Corrected some code formatting issues.
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
11090
diff
changeset
|
47 | "\u200f", |
| 10996 | 48 | ) |
| 49 | ||
| 50 | ||
| 51 | def checkTrojanSource(reportError, context, _config): | |
| 52 | """ | |
| 53 | Function to check for the presence of unicode bidirectional control | |
| 54 | characters in Python source files. | |
| 55 | ||
| 56 | Those characters can be embedded in comments and strings to reorder | |
| 57 | source code characters in a way that changes its logic. | |
| 58 | ||
| 59 | @param reportError function to be used to report errors | |
| 60 | @type func | |
| 61 | @param context security context object | |
| 62 | @type SecurityContext | |
| 63 | @param _config dictionary with configuration data (unused) | |
| 64 | @type dict | |
| 65 | """ | |
| 66 | with open(context.filename, "rb") as srcFile: | |
| 67 | encoding, _ = detect_encoding(srcFile.readline) | |
| 68 | with open(context.filename, encoding=encoding) as srcFile: | |
| 69 | for lineno, line in enumerate(srcFile.readlines(), start=0): | |
| 70 | for char in BIDI_CHARACTERS: | |
| 71 | try: | |
| 72 | colOffset = line.index(char) | |
| 73 | except ValueError: | |
| 74 | continue | |
| 75 | reportError( | |
| 76 | lineno, | |
| 77 | colOffset, | |
|
11147
dee6e106b4d3
Modified the code style checker such, that the issue category and issue number are separated by a '-' to make up the issue code (e.g E-901).
Detlev Offenbach <detlev@die-offenbachs.de>
parents:
11124
diff
changeset
|
78 | "S-613", |
| 10996 | 79 | "H", |
| 80 | "M", | |
| 81 | repr(char), | |
| 82 | ) |
