161 "Security", |
161 "Security", |
162 "Using '{0}' to parse untrusted XML data is known to be vulnerable to" |
162 "Using '{0}' to parse untrusted XML data is known to be vulnerable to" |
163 " XML attacks. Replace '{0}' with its defusedxml equivalent function" |
163 " XML attacks. Replace '{0}' with its defusedxml equivalent function" |
164 " or make sure defusedxml.defuse_stdlib() is called.", |
164 " or make sure defusedxml.defuse_stdlib() is called.", |
165 ), |
165 ), |
166 "S320": QCoreApplication.translate( |
|
167 "Security", |
|
168 "Using '{0}' to parse untrusted XML data is known to be vulnerable to" |
|
169 " XML attacks. Replace '{0}' with its defusedxml equivalent" |
|
170 " function.", |
|
171 ), |
|
172 "S321": QCoreApplication.translate( |
166 "S321": QCoreApplication.translate( |
173 "Security", |
167 "Security", |
174 "FTP-related functions are being called. FTP is considered insecure." |
168 "FTP-related functions are being called. FTP is considered insecure." |
175 " Use SSH/SFTP/SCP or some other encrypted protocol.", |
169 " Use SSH/SFTP/SCP or some other encrypted protocol.", |
176 ), |
|
177 "S322": QCoreApplication.translate( |
|
178 "Security", |
|
179 "The input method in Python 2 will read from standard input, evaluate" |
|
180 " and run the resulting string as Python source code. This is" |
|
181 " similar, though in many ways worse, than using eval. On Python 2," |
|
182 " use raw_input instead, input is safe in Python 3.", |
|
183 ), |
170 ), |
184 "S323": QCoreApplication.translate( |
171 "S323": QCoreApplication.translate( |
185 "Security", |
172 "Security", |
186 "By default, Python will create a secure, verified SSL context for" |
173 "By default, Python will create a secure, verified SSL context for" |
187 " use in such classes as HTTPSConnection. However, it still allows" |
174 " use in such classes as HTTPSConnection. However, it still allows" |
188 " using an insecure context via the _create_unverified_context that" |
175 " using an insecure context via the _create_unverified_context that" |
189 " reverts to the previous behavior that does not validate" |
176 " reverts to the previous behavior that does not validate" |
190 " certificates or perform hostname checks.", |
177 " certificates or perform hostname checks.", |
191 ), |
178 ), |
192 # hashlib.new |
179 # hashlib functions |
193 "S331": QCoreApplication.translate( |
180 "S331": QCoreApplication.translate( |
194 "Security", "Use of insecure {0} hash function." |
181 "Security", "Use of insecure {0} hash function." |
195 ), |
182 ), |
196 "S332": QCoreApplication.translate( |
183 "S332": QCoreApplication.translate( |
197 "Security", |
184 "Security", |
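Review bot: the S320 (lxml parse) and S322 (Python 2 input) message entries disappear on the right-hand side while S321 and S323 stay; the checker code that actually emits those two codes needs to be dropped in the same change, otherwise a reported S320 or S322 would look up a translation string that no longer exists. The comment change from "# hashlib.new" to "# hashlib functions" is cosmetic, but it is worth a one-line note in the commit message or changelog that S320/S322 (and S410 further down) are retired, so users with saved configurations that still enable those codes know why they no longer fire.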
243 "S409": QCoreApplication.translate( |
230 "S409": QCoreApplication.translate( |
244 "Security", |
231 "Security", |
245 "Using '{0}' to parse untrusted XML data is known to be vulnerable" |
232 "Using '{0}' to parse untrusted XML data is known to be vulnerable" |
246 " to XML attacks. Replace '{0}' with the equivalent defusedxml" |
233 " to XML attacks. Replace '{0}' with the equivalent defusedxml" |
247 " package, or make sure defusedxml.defuse_stdlib() is called.", |
234 " package, or make sure defusedxml.defuse_stdlib() is called.", |
248 ), |
|
249 "S410": QCoreApplication.translate( |
|
250 "Security", |
|
251 "Using '{0}' to parse untrusted XML data is known to be vulnerable" |
|
252 " to XML attacks. Replace '{0}' with the equivalent defusedxml" |
|
253 " package.", |
|
254 ), |
235 ), |
255 "S411": QCoreApplication.translate( |
236 "S411": QCoreApplication.translate( |
256 "Security", |
237 "Security", |
257 "Using '{0}' to parse untrusted XML data is known to be vulnerable" |
238 "Using '{0}' to parse untrusted XML data is known to be vulnerable" |
258 " to XML attacks. Use defusedxml.xmlrpc.monkey_patch() function to" |
239 " to XML attacks. Use defusedxml.xmlrpc.monkey_patch() function to" |
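Review bot: removing the S410 string here leaves S409 and S411 as the remaining XML "import" messages; since the S410 text was a copy of S409's minus the "or make sure defusedxml.defuse_stdlib() is called." clause, nothing else in this table needs rewording. Do check that the import-name mapping that pointed at S410 is removed in the same patch, and not only its message, so no code path can still report S410.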
448 "S315": ["xml.sax.expatreader.create_parser"], |
429 "S315": ["xml.sax.expatreader.create_parser"], |
449 "S316": ["xml.dom.expatbuilder.parse"], |
430 "S316": ["xml.dom.expatbuilder.parse"], |
450 "S317": ["xml.sax.parse"], |
431 "S317": ["xml.sax.parse"], |
451 "S318": ["xml.dom.minidom.parse"], |
432 "S318": ["xml.dom.minidom.parse"], |
452 "S319": ["xml.dom.pulldom.parse"], |
433 "S319": ["xml.dom.pulldom.parse"], |
453 "S320": ["lxml.etree.parse"], |
|
454 "S331": ["MD5"], |
434 "S331": ["MD5"], |
455 "S403": ["pickle"], |
435 "S403": ["pickle"], |
456 "S404": ["subprocess"], |
436 "S404": ["subprocess"], |
457 "S405": ["xml.etree.ElementTree"], |
437 "S405": ["xml.etree.ElementTree"], |
458 "S406": ["xml.sax"], |
438 "S406": ["xml.sax"], |
459 "S407": ["xml.dom.expatbuilder"], |
439 "S407": ["xml.dom.expatbuilder"], |
460 "S408": ["xml.dom.minidom"], |
440 "S408": ["xml.dom.minidom"], |
461 "S409": ["xml.dom.pulldom"], |
441 "S409": ["xml.dom.pulldom"], |
462 "S410": ["lxml"], |
|
463 "S411": ["xmlrpclib"], |
442 "S411": ["xmlrpclib"], |
464 "S412": ["wsgiref.handlers.CGIHandler"], |
443 "S412": ["wsgiref.handlers.CGIHandler"], |
465 "S413": ["Crypto.Cipher"], |
444 "S413": ["Crypto.Cipher"], |
466 "S505": ["RSA", 2048], |
445 "S505": ["RSA", 2048], |
467 "S609": ["os.system"], |
446 "S609": ["os.system"], |
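Review bot: with "S320": ["lxml.etree.parse"] and "S410": ["lxml"] gone, the defaults no longer mention lxml at all, which matches the message-table change above. One leftover to look at is "S411": ["xmlrpclib"]: that is the Python 2 module name, and this change already drops the Python 2 only S322 check, so consider whether S411 should also match the Python 3 "xmlrpc" package (its advice already points at defusedxml.xmlrpc.monkey_patch()) or whether the legacy name is kept on purpose; a short comment next to the entry would settle it either way.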