Mercurial Repositories > eric / file comparison
comparison: src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/prohibitedCalls.py
src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/prohibitedCalls.py
- branch
- eric7
- changeset 11136
- 437db2f032fd
- parent 11090
- f5f5f5803935
- child 11137
- a90284948331
equal
deleted
inserted
replaced
| 11135:5af56f31c53f | 11136:437db2f032fd |
|---|---|
| 15 # SPDX-License-Identifier: Apache-2.0 | 15 # SPDX-License-Identifier: Apache-2.0 |
| 16 # | 16 # |
| 17 | 17 |
| 18 import ast | 18 import ast |
| 19 import fnmatch | 19 import fnmatch |
| 20 import sys | |
| 21 | 20 |
| 22 import AstUtilities | 21 import AstUtilities |
| 23 | 22 |
| 24 _prohibitedCalls = { | 23 _prohibitedCalls = { |
| 25 "S301": ( | 24 "S301": ( |
| 26 [ | 25 [ |
| 27 "pickle.loads", | 26 "pickle.loads", |
| 28 "pickle.load", | 27 "pickle.load", |
| 29 "pickle.Unpickler", | 28 "pickle.Unpickler", |
| 30 "cPickle.loads", | |
| 31 "cPickle.load", | |
| 32 "cPickle.Unpickler", | |
| 33 "dill.loads", | 29 "dill.loads", |
| 34 "dill.load", | 30 "dill.load", |
| 35 "dill.Unpickler", | 31 "dill.Unpickler", |
| 36 "shelve.open", | 32 "shelve.open", |
| 37 "shelve.DbfilenameShelf", | 33 "shelve.DbfilenameShelf", |
| 42 ], | 38 ], |
| 43 "M", | 39 "M", |
| 44 ), | 40 ), |
| 45 "S302": (["marshal.load", "marshal.loads"], "M"), | 41 "S302": (["marshal.load", "marshal.loads"], "M"), |
| 46 } | 42 } |
| 47 if sys.version_info >= (3, 9): | 43 _prohibitedCalls["S303"] = ( |
| 48 _prohibitedCalls["S303"] = ( | 44 [ |
| 49 [ | 45 "Crypto.Hash.MD2.new", |
| 50 "Crypto.Hash.MD2.new", | 46 "Crypto.Hash.MD4.new", |
| 51 "Crypto.Hash.MD4.new", | 47 "Crypto.Hash.MD5.new", |
| 52 "Crypto.Hash.MD5.new", | 48 "Crypto.Hash.SHA.new", |
| 53 "Crypto.Hash.SHA.new", | 49 "Cryptodome.Hash.MD2.new", |
| 54 "Cryptodome.Hash.MD2.new", | 50 "Cryptodome.Hash.MD4.new", |
| 55 "Cryptodome.Hash.MD4.new", | 51 "Cryptodome.Hash.MD5.new", |
| 56 "Cryptodome.Hash.MD5.new", | 52 "Cryptodome.Hash.SHA.new", |
| 57 "Cryptodome.Hash.SHA.new", | 53 "cryptography.hazmat.primitives.hashes.MD5", |
| 58 "cryptography.hazmat.primitives.hashes.MD5", | 54 "cryptography.hazmat.primitives.hashes.SHA1", |
| 59 "cryptography.hazmat.primitives.hashes.SHA1", | 55 ], |
| 60 ], | 56 "M", |
| 61 "M", | 57 ) |
| 62 ) | |
| 63 else: | |
| 64 _prohibitedCalls["S303"] = ( | |
| 65 [ | |
| 66 "hashlib.md4", | |
| 67 "hashlib.md5", | |
| 68 "hashlib.sha", | |
| 69 "hashlib.sha1", | |
| 70 "Crypto.Hash.MD2.new", | |
| 71 "Crypto.Hash.MD4.new", | |
| 72 "Crypto.Hash.MD5.new", | |
| 73 "Crypto.Hash.SHA.new", | |
| 74 "Cryptodome.Hash.MD2.new", | |
| 75 "Cryptodome.Hash.MD4.new", | |
| 76 "Cryptodome.Hash.MD5.new", | |
| 77 "Cryptodome.Hash.SHA.new", | |
| 78 "cryptography.hazmat.primitives.hashes.MD5", | |
| 79 "cryptography.hazmat.primitives.hashes.SHA1", | |
| 80 ], | |
| 81 "M", | |
| 82 ) | |
| 83 | 58 |
| 84 _prohibitedCalls.update( | 59 _prohibitedCalls.update( |
| 85 { | 60 { |
| 86 "S304": ( | 61 "S304": ( |
| 87 [ | 62 [ |
| 95 "Cryptodome.Cipher.Blowfish.new", | 70 "Cryptodome.Cipher.Blowfish.new", |
| 96 "Cryptodome.Cipher.DES.new", | 71 "Cryptodome.Cipher.DES.new", |
| 97 "Cryptodome.Cipher.XOR.new", | 72 "Cryptodome.Cipher.XOR.new", |
| 98 "cryptography.hazmat.primitives.ciphers.algorithms.ARC4", | 73 "cryptography.hazmat.primitives.ciphers.algorithms.ARC4", |
| 99 "cryptography.hazmat.primitives.ciphers.algorithms.Blowfish", | 74 "cryptography.hazmat.primitives.ciphers.algorithms.Blowfish", |
| 75 "cryptography.hazmat.primitives.ciphers.algorithms.CAST5", | |
| 100 "cryptography.hazmat.primitives.ciphers.algorithms.IDEA", | 76 "cryptography.hazmat.primitives.ciphers.algorithms.IDEA", |
| 77 "cryptography.hazmat.primitives.ciphers.algorithms.SEED", | |
| 78 "cryptography.hazmat.primitives.ciphers.algorithms.TripleDES", | |
| 101 ], | 79 ], |
| 102 "H", | 80 "H", |
| 103 ), | 81 ), |
| 104 "S305": (["cryptography.hazmat.primitives.ciphers.modes.ECB"], "M"), | 82 "S305": (["cryptography.hazmat.primitives.ciphers.modes.ECB"], "M"), |
| 105 "S306": (["tempfile.mktemp"], "M"), | 83 "S306": (["tempfile.mktemp"], "M"), |
| 157 "M", | 135 "M", |
| 158 ), | 136 ), |
| 159 "S317": (["xml.sax.parse", "xml.sax.parseString", "xml.sax.make_parser"], "M"), | 137 "S317": (["xml.sax.parse", "xml.sax.parseString", "xml.sax.make_parser"], "M"), |
| 160 "S318": (["xml.dom.minidom.parse", "xml.dom.minidom.parseString"], "M"), | 138 "S318": (["xml.dom.minidom.parse", "xml.dom.minidom.parseString"], "M"), |
| 161 "S319": (["xml.dom.pulldom.parse", "xml.dom.pulldom.parseString"], "M"), | 139 "S319": (["xml.dom.pulldom.parse", "xml.dom.pulldom.parseString"], "M"), |
| 162 "S320": ( | |
| 163 [ | |
| 164 "lxml.etree.parse", | |
| 165 "lxml.etree.fromstring", | |
| 166 "lxml.etree.RestrictedElement", | |
| 167 "lxml.etree.GlobalParserTLS", | |
| 168 "lxml.etree.getDefaultParser", | |
| 169 "lxml.etree.check_docinfo", | |
| 170 ], | |
| 171 "M", | |
| 172 ), | |
| 173 "S321": (["ftplib.FTP"], "H"), | 140 "S321": (["ftplib.FTP"], "H"), |
| 174 "S322": (["input"], "H"), | |
| 175 "S323": (["ssl._create_unverified_context"], "M"), | 141 "S323": (["ssl._create_unverified_context"], "M"), |
| 176 } | 142 } |
| 177 ) | 143 ) |
| 178 | 144 |
| 179 | 145 |
