Mercurial Repositories > eric / file comparison
comparison: eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityChecker.py
eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityChecker.py
- changeset 7614
- 646742c260bd
- parent 7613
- 382f89c11e27
- child 7615
- ca2949b1a29a
equal
deleted
inserted
replaced
| 7613:382f89c11e27 | 7614:646742c260bd |
|---|---|
| 21 """ | 21 """ |
| 22 Codes = [ | 22 Codes = [ |
| 23 # assert used | 23 # assert used |
| 24 "S101", | 24 "S101", |
| 25 | 25 |
| 26 # exec used | |
| 27 "S102", | |
| 28 | |
| 29 # bad file permissions | |
| 30 "S103", | |
| 31 | |
| 32 # bind to all interfaces | |
| 33 "S104", | |
| 34 | |
| 35 # hardcoded passwords | |
| 36 "S105", "S106", "S107" | |
| 37 | |
| 38 # hardcoded tmp directory | |
| 39 "S108", | |
| 40 | |
| 26 # flask app | 41 # flask app |
| 27 "S201", | 42 "S201", |
| 28 | 43 |
| 29 # insecure function calls (blacklisted) | 44 # insecure function calls (blacklisted) |
| 30 "S301", "S302", "S303", "S304", "S305", "S306", "S307", "S308", "S309", | 45 "S301", "S302", "S303", "S304", "S305", "S306", "S307", "S308", "S309", |
| 31 "S310", "S311", "S312", "S313", "S314", "S315", "S316", "S317", "S318", | 46 "S310", "S311", "S312", "S313", "S314", "S315", "S316", "S317", "S318", |
| 32 "S319", "S320", "S321", "S322", "S323", "S325", | 47 "S319", "S320", "S321", "S322", "S323", "S325", # TODO: check S324 |
| 48 # hashlib.new | |
| 49 "S324", | |
| 33 | 50 |
| 34 # insecure imports (blacklisted) | 51 # insecure imports (blacklisted) |
| 35 "S401", "S402", "S403", "S404", "S405", "S406", "S407", "S408", "S409", | 52 "S401", "S402", "S403", "S404", "S405", "S406", "S407", "S408", "S409", |
| 36 "S410", "S411", "S412", "S413", | 53 "S410", "S411", "S412", "S413", |
| 37 | 54 |
| 38 # insecure certificate usage | 55 # insecure certificate usage |
| 39 "S501", | 56 "S501", |
| 40 | 57 |
| 58 # YAML load | |
| 59 "S506", | |
| 60 | |
| 61 # Shell injection | |
| 62 "S601", "S602", "S603", "S604", "S605", "S606", "S607", | |
| 63 | |
| 41 # Django SQL injection | 64 # Django SQL injection |
| 42 "S610", "S611", | 65 "S610", "S611", |
| 43 | 66 |
| 44 # Django XSS vulnerability | 67 # Django XSS vulnerability |
| 45 "S703", | 68 "S703", |
| 46 | |
| 47 # YAML load | |
| 48 "S506", | |
| 49 ] | 69 ] |
| 50 | 70 |
| 51 def __init__(self, source, filename, select, ignore, expected, repeat, | 71 def __init__(self, source, filename, select, ignore, expected, repeat, |
| 52 args): | 72 args): |
| 53 """ | 73 """ |
| 63 @type list of str | 83 @type list of str |
| 64 @param expected list of expected codes | 84 @param expected list of expected codes |
| 65 @type list of str | 85 @type list of str |
| 66 @param repeat flag indicating to report each occurrence of a code | 86 @param repeat flag indicating to report each occurrence of a code |
| 67 @type bool | 87 @type bool |
| 68 @param args dictionary of arguments for the miscellaneous checks | 88 @param args dictionary of arguments for the security checks |
| 69 @type dict | 89 @type dict |
| 70 """ | 90 """ |
| 71 self.__select = tuple(select) | 91 self.__select = tuple(select) |
| 72 self.__ignore = ('',) if select else tuple(ignore) | 92 self.__ignore = ('',) if select else tuple(ignore) |
| 73 self.__expected = expected[:] | 93 self.__expected = expected[:] |
| 156 offset = exc.args[1] | 176 offset = exc.args[1] |
| 157 if len(offset) > 2: | 177 if len(offset) > 2: |
| 158 offset = offset[1:3] | 178 offset = offset[1:3] |
| 159 else: | 179 else: |
| 160 offset = (1, 0) | 180 offset = (1, 0) |
| 161 self.__error(offset[0] - 1, | 181 self.reportError(offset[0] - 1, |
| 162 offset[1] or 0, | 182 offset[1] or 0, |
| 163 'S999', | 183 'S999', |
| 164 "H", | 184 "H", |
| 165 "H", | 185 "H", |
| 166 exc_type.__name__, exc.args[0]) | 186 exc_type.__name__, exc.args[0]) |
| 167 | 187 |
| 168 def __generateTree(self): | 188 def __generateTree(self): |
| 169 """ | 189 """ |
| 170 Private method to generate an AST for our source. | 190 Private method to generate an AST for our source. |
| 171 | 191 |
