Mercurial Repositories > eric / file comparison
comparison: eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityChecker.py
eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityChecker.py
- changeset 8198
- 1c765dc90c21
- parent 8166
- bd5cd5858503
- child 8207
- d359172d11be
equal
deleted
inserted
replaced
| 8197:9037d09ed87c | 8198:1c765dc90c21 |
|---|---|
| 5 | 5 |
| 6 """ | 6 """ |
| 7 Module implementing the security checker. | 7 Module implementing the security checker. |
| 8 """ | 8 """ |
| 9 | 9 |
| 10 import sys | 10 import copy |
| 11 import ast | |
| 12 import collections | 11 import collections |
| 13 | 12 |
| 14 from . import Checks | 13 from . import Checks |
| 15 from .SecurityNodeVisitor import SecurityNodeVisitor | 14 from .SecurityNodeVisitor import SecurityNodeVisitor |
| 16 | 15 |
| 92 # Django XSS vulnerability | 91 # Django XSS vulnerability |
| 93 "S703", | 92 "S703", |
| 94 | 93 |
| 95 # hardcoded AWS passwords | 94 # hardcoded AWS passwords |
| 96 "S801", "S802", | 95 "S801", "S802", |
| 97 | |
| 98 # Syntax error | |
| 99 "S999", | |
| 100 ] | 96 ] |
| 101 | 97 |
| 102 def __init__(self, source, filename, select, ignore, expected, repeat, | 98 def __init__(self, source, filename, tree, select, ignore, expected, |
| 103 args): | 99 repeat, args): |
| 104 """ | 100 """ |
| 105 Constructor | 101 Constructor |
| 106 | 102 |
| 107 @param source source code to be checked | 103 @param source source code to be checked |
| 108 @type list of str | 104 @type list of str |
| 109 @param filename name of the source file | 105 @param filename name of the source file |
| 110 @type str | 106 @type str |
| 107 @param tree AST tree of the source code | |
| 108 @type ast.Module | |
| 111 @param select list of selected codes | 109 @param select list of selected codes |
| 112 @type list of str | 110 @type list of str |
| 113 @param ignore list of codes to be ignored | 111 @param ignore list of codes to be ignored |
| 114 @type list of str | 112 @type list of str |
| 115 @param expected list of expected codes | 113 @param expected list of expected codes |
| 123 self.__ignore = ('',) if select else tuple(ignore) | 121 self.__ignore = ('',) if select else tuple(ignore) |
| 124 self.__expected = expected[:] | 122 self.__expected = expected[:] |
| 125 self.__repeat = repeat | 123 self.__repeat = repeat |
| 126 self.__filename = filename | 124 self.__filename = filename |
| 127 self.__source = source[:] | 125 self.__source = source[:] |
| 126 self.__tree = copy.deepcopy(tree) | |
| 128 self.__args = args | 127 self.__args = args |
| 129 | 128 |
| 130 # statistics counters | 129 # statistics counters |
| 131 self.counters = {} | 130 self.counters = {} |
| 132 | 131 |
| 196 "args": args, | 195 "args": args, |
| 197 "severity": severity, | 196 "severity": severity, |
| 198 "confidence": confidence, | 197 "confidence": confidence, |
| 199 }) | 198 }) |
| 200 | 199 |
| 201 def __reportInvalidSyntax(self): | |
| 202 """ | |
| 203 Private method to report a syntax error. | |
| 204 """ | |
| 205 exc_type, exc = sys.exc_info()[:2] | |
| 206 if len(exc.args) > 1: | |
| 207 offset = exc.args[1] | |
| 208 if len(offset) > 2: | |
| 209 offset = offset[1:3] | |
| 210 else: | |
| 211 offset = (1, 0) | |
| 212 self.reportError(offset[0] - 1, | |
| 213 offset[1] or 0, | |
| 214 'S999', | |
| 215 "H", | |
| 216 "H", | |
| 217 exc_type.__name__, exc.args[0]) | |
| 218 | |
| 219 def __generateTree(self): | |
| 220 """ | |
| 221 Private method to generate an AST for our source. | |
| 222 | |
| 223 @return generated AST | |
| 224 @rtype ast.AST | |
| 225 """ | |
| 226 return ast.parse("".join(self.__source), self.__filename) | |
| 227 | |
| 228 def getConfig(self): | 200 def getConfig(self): |
| 229 """ | 201 """ |
| 230 Public method to get the configuration dictionary. | 202 Public method to get the configuration dictionary. |
| 231 | 203 |
| 232 @return dictionary containing the configuration | 204 @return dictionary containing the configuration |
| 243 # don't do anything, if essential data is missing | 215 # don't do anything, if essential data is missing |
| 244 return | 216 return |
| 245 | 217 |
| 246 if not self.__checkers: | 218 if not self.__checkers: |
| 247 # don't do anything, if no codes were selected | 219 # don't do anything, if no codes were selected |
| 248 return | |
| 249 | |
| 250 try: | |
| 251 self.__tree = self.__generateTree() | |
| 252 except (SyntaxError, TypeError): | |
| 253 self.__reportInvalidSyntax() | |
| 254 return | 220 return |
| 255 | 221 |
| 256 securityNodeVisitor = SecurityNodeVisitor( | 222 securityNodeVisitor = SecurityNodeVisitor( |
| 257 self, self.__checkers, self.__filename) | 223 self, self.__checkers, self.__filename) |
| 258 securityNodeVisitor.generic_visit(self.__tree) | 224 securityNodeVisitor.generic_visit(self.__tree) |
