eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/injectionWildcard.py

changeset 8222
5994b80b8760
parent 8217
385f60c94548
child 8259
2bbec88047dd
equal deleted inserted replaced
8221:0572a215bd2f 8222:5994b80b8760
55 else: 55 else:
56 shellFunctionNames = SecurityDefaults["shell_injection_shell"] 56 shellFunctionNames = SecurityDefaults["shell_injection_shell"]
57 57
58 vulnerableFunctions = ['chown', 'chmod', 'tar', 'rsync'] 58 vulnerableFunctions = ['chown', 'chmod', 'tar', 'rsync']
59 if ( 59 if (
60 context.callFunctionNameQual in shellFunctionNames or 60 (context.callFunctionNameQual in shellFunctionNames or
61 (context.callFunctionNameQual in subProcessFunctionNames and 61 (context.callFunctionNameQual in subProcessFunctionNames and
62 context.checkCallArgValue('shell', 'True')) 62 context.checkCallArgValue('shell', 'True'))) and
63 context.callArgsCount >= 1
63 ): 64 ):
64 if context.callArgsCount >= 1: 65 callArgument = context.getCallArgAtPosition(0)
65 callArgument = context.getCallArgAtPosition(0) 66 argumentString = ''
66 argumentString = '' 67 if isinstance(callArgument, list):
67 if isinstance(callArgument, list): 68 for li in callArgument:
68 for li in callArgument: 69 argumentString += ' {0}'.format(li)
69 argumentString += ' {0}'.format(li) 70 elif isinstance(callArgument, str):
70 elif isinstance(callArgument, str): 71 argumentString = callArgument
71 argumentString = callArgument 72
72 73 if argumentString != '':
73 if argumentString != '': 74 for vulnerableFunction in vulnerableFunctions:
74 for vulnerableFunction in vulnerableFunctions: 75 if (
75 if ( 76 vulnerableFunction in argumentString and
76 vulnerableFunction in argumentString and 77 '*' in argumentString
77 '*' in argumentString 78 ):
78 ): 79 lineNo = context.getLinenoForCallArg('shell')
79 lineNo = context.getLinenoForCallArg('shell') 80 if lineNo < 1:
80 if lineNo < 1: 81 lineNo = context.node.lineno
81 lineNo = context.node.lineno 82 offset = context.getOffsetForCallArg('shell')
82 offset = context.getOffsetForCallArg('shell') 83 if offset < 0:
83 if offset < 0: 84 offset = context.node.col_offset
84 offset = context.node.col_offset 85 reportError(
85 reportError( 86 lineNo - 1,
86 lineNo - 1, 87 offset,
87 offset, 88 "S609",
88 "S609", 89 "H",
89 "H", 90 "M",
90 "M", 91 context.callFunctionNameQual
91 context.callFunctionNameQual 92 )
92 )
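Review bot: The test `vulnerableFunction in argumentString` on new line 76 is a plain substring match, so after this restructuring any command text that merely contains one of the four names and a `*` is reported as S609 — `start *.txt` or a path like `tarball/*` both satisfy `'tar' in argumentString`, which makes the finding noisier than it needs to be. A word-boundary match keeps the intended hits (`/bin/chown *`, `tar.gz`) and drops those: `if re.search(r'\b' + re.escape(vulnerableFunction) + r'\b', argumentString) and '*' in argumentString:` (requires `import re` at the top of the file if it is not already imported). The assembly on new lines 68–69 could also be written `argumentString = ''.join(' {0}'.format(li) for li in callArgument)`, which yields the same string without the repeated `+=`; what `getCallArgAtPosition(0)` returns for the list elements is not visible here, so confirm they format to the argument's literal text before relying on the match at all. The enclosing function starts before this hunk.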

