Mercurial Repositories > eric / file comparison
comparison: src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/injectionSql.py
src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/injectionSql.py
- branch
- eric7
- changeset 10169
- 0f70a4ef4592
- parent 10069
- 435cc5875135
- child 10439
- 21c28b0f9e41
equal
deleted
inserted
replaced
| 10168:8312e0e76795 | 10169:0f70a4ef4592 |
|---|---|
| 60 def _evaluateAst(node): | 60 def _evaluateAst(node): |
| 61 """ | 61 """ |
| 62 Function to analyze the given ast node. | 62 Function to analyze the given ast node. |
| 63 | 63 |
| 64 @param node ast node to be analyzed | 64 @param node ast node to be analyzed |
| 65 @type ast.Str | 65 @type ast.Constant |
| 66 @return tuple containing a flag indicating an execute call and | 66 @return tuple containing a flag indicating an execute call and |
| 67 the resulting statement | 67 the resulting statement |
| 68 @rtype tuple of (bool, str) | 68 @rtype tuple of (bool, str) |
| 69 """ | 69 """ |
| 70 wrapper = None | 70 wrapper = None |
| 76 statement = out[1] | 76 statement = out[1] |
| 77 elif ( | 77 elif ( |
| 78 isinstance(node._securityParent, ast.Attribute) | 78 isinstance(node._securityParent, ast.Attribute) |
| 79 and node._securityParent.attr == "format" | 79 and node._securityParent.attr == "format" |
| 80 ): | 80 ): |
| 81 statement = node.s | 81 statement = node.value |
| 82 # Hierarchy for "".format() is Wrapper -> Call -> Attribute -> Str | 82 # Hierarchy for "".format() is Wrapper -> Call -> Attribute -> Str |
| 83 wrapper = node._securityParent._securityParent._securityParent | 83 wrapper = node._securityParent._securityParent._securityParent |
| 84 elif hasattr(ast, "JoinedStr") and isinstance(node._securityParent, ast.JoinedStr): | 84 elif hasattr(ast, "JoinedStr") and isinstance(node._securityParent, ast.JoinedStr): |
| 85 statement = node.s | 85 statement = node.value |
| 86 wrapper = node._securityParent._securityParent | 86 wrapper = node._securityParent._securityParent |
| 87 | 87 |
| 88 if isinstance(wrapper, ast.Call): # wrapped in "execute" call? | 88 if isinstance(wrapper, ast.Call): # wrapped in "execute" call? |
| 89 names = ["execute", "executemany"] | 89 names = ["execute", "executemany"] |
| 90 name = SecurityUtils.getCalledName(wrapper) | 90 name = SecurityUtils.getCalledName(wrapper) |
