eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py

changeset 7614
646742c260bd
parent 7613
382f89c11e27
child 7615
ca2949b1a29a
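--- a/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py
+++ b/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py
@@ -13,12 +13,43 @@
 
 _securityMessages = {
 # assert used
 "S101": QCoreApplication.translate(
 "Security",
-"Use of assert detected. The enclosed code will be removed when"
+"Use of 'assert' detected. The enclosed code will be removed when"
 " compiling to optimised byte code."),
+
+# exec used
+"S102": QCoreApplication.translate(
+"Security",
+"Use of 'exec' detected."),
+
+# bad file permissions
+"S103": QCoreApplication.translate(
+"Security",
+"'chmod' setting a permissive mask {0} on file ({1})."),
+
+# bind to all interfaces
+"S104": QCoreApplication.translate(
+"Security",
+"Possible binding to all interfaces."),
+
+# hardcoded passwords
+"S105": QCoreApplication.translate(
+"Security",
+"Possible hardcoded password: '{0}'"),
+"S106": QCoreApplication.translate(
+"Security",
+"Possible hardcoded password: '{0}'"),
+"S107": QCoreApplication.translate(
+"Security",
+"Possible hardcoded password: '{0}'"),
+
+# hardcoded tmp directory
+"S108": QCoreApplication.translate(
+"Security",
+"Probable insecure usage of temp file/directory."),
 
 # flask app
 "S201": QCoreApplication.translate(
 "Security",
 "A Flask app appears to be run with debug=True, which exposes the"
@@ -130,10 +161,15 @@
 "S325": QCoreApplication.translate(
 "Security",
 "Use of os.tempnam() and os.tmpnam() is vulnerable to symlink"
 " attacks. Consider using tmpfile() instead."),
 
+# hashlib.new
+"S324": QCoreApplication.translate(
+"Security",
+"Use of insecure {0} hash function."),
+
 # blacklisted imports
 "S401": QCoreApplication.translate(
 "Security",
 "A telnet-related module is being imported. Telnet is considered"
 " insecure. Use SSH or some other encrypted protocol."),
@@ -195,48 +231,93 @@
 " pyca/cryptography library."),
 
 # insecure certificate usage
 "S501": QCoreApplication.translate(
 "Security",
-"Requests call with verify=False disabling SSL certificate checks,"
+"'requests' call with verify=False disabling SSL certificate checks,"
 " security issue."),
 
 # YAML load
 "S506": QCoreApplication.translate(
 "Security",
-"Use of unsafe yaml load. Allows instantiation of arbitrary objects."
-" Consider yaml.safe_load()."),
+"Use of unsafe 'yaml.load()'. Allows instantiation of arbitrary"
+" objects. Consider 'yaml.safe_load()'."),
+
+# Shell injection
+"S601": QCoreApplication.translate(
+"Security",
+"Possible shell injection via 'Paramiko' call, check inputs are"
+" properly sanitized."),
+"S602.L": QCoreApplication.translate(
+"Security",
+"'subprocess' call with shell=True seems safe, but may be changed"
+" in the future, consider rewriting without shell"),
+"S602.H": QCoreApplication.translate(
+"Security",
+"'subprocess' call with shell=True identified, security issue."),
+"S603": QCoreApplication.translate(
+"Security",
+"'subprocess' call - check for execution of untrusted input."),
+"S604": QCoreApplication.translate(
+"Security",
+"Function call with shell=True parameter identified, possible"
+" security issue."),
+"S605.L": QCoreApplication.translate(
+"Security",
+"Starting a process with a shell: Seems safe, but may be changed in"
+" the future, consider rewriting without shell"),
+"S605.H": QCoreApplication.translate(
+"Security",
+"Starting a process with a shell, possible injection detected,"
+" security issue."),
+"S606": QCoreApplication.translate(
+"Security",
+"Starting a process without a shell."),
+"S607": QCoreApplication.translate(
+"Security",
+"Starting a process with a partial executable path."),
 
 # Django SQL injection
 "S610": QCoreApplication.translate(
 "Security",
-"Use of extra potential SQL attack vector."),
+"Use of 'extra()' opens a potential SQL attack vector."),
 "S611": QCoreApplication.translate(
 "Security",
-"Use of RawSQL potential SQL attack vector."),
+"Use of 'RawSQL()' opens a potential SQL attack vector."),
 
 # Django XSS vulnerability
 "S703": QCoreApplication.translate(
 "Security",
-"Potential XSS on mark_safe() function."),
+"Potential XSS on 'mark_safe()' function."),
+
+"S999": QCoreApplication.translate(
+"Security",
+"{0}: {1}"),
 
 ## "S": QCoreApplication.translate(
 ## "Security",
 ## ""),
 }
 
 _securityMessagesSampleArgs = {
+"S103": ["0o777", "testfile.txt"],
+"S105": ["password"],
+"S106": ["password"],
+"S107": ["password"],
+
 "S304": ["Crypto.Cipher.DES"],
 "S305": ["cryptography.hazmat.primitives.ciphers.modes.ECB"],
 "S313": ["xml.etree.cElementTree.parse"],
 "S314": ["xml.etree.ElementTree.parse"],
 "S315": ["xml.sax.expatreader.create_parser"],
 "S316": ["xml.dom.expatbuilder.parse"],
 "S317": ["xml.sax.parse"],
 "S318": ["xml.dom.minidom.parse"],
 "S319": ["xml.dom.pulldom.parse"],
 "S320": ["lxml.etree.parse"],
+
+"S324": ["MD5"],
 
 "S403": ["pickle"],
 "S404": ["subprocess"],
 "S405": ["xml.etree.ElementTree"],
 "S406": ["xml.sax"],
@@ -245,6 +326,8 @@
 "S409": ["xml.dom.pulldom"],
 "S410": ["lxml"],
 "S411": ["xmlrpclib"],
 "S412": ["wsgiref.handlers.CGIHandler"],
 "S413": ["Crypto.Cipher"],
+
+"S999": ["SyntaxError", "Invalid Syntax"],
 }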
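Review bot: The new low-severity messages `S602.L` and `S605.L` end without a period (`" in the future, consider rewriting without shell"`) while their `.H` counterparts and every other new entry end with one, and `S105`–`S107` (`"Possible hardcoded password: '{0}'"`) are likewise unterminated; keeping the punctuation uniform, e.g. `" in the future, consider rewriting without shell."`, avoids inconsistent output once these strings reach the checker's result list. The `S324` entry is inserted after `S325` in `_securityMessages`, breaking the numeric ordering the rest of the dictionary follows; placing it before `S325` keeps the code lookups easy to scan and matches the position already used in `_securityMessagesSampleArgs`. `S999` is the only new key without a `# ...` comment above it; judging by its sample arguments (`"SyntaxError"`, `"Invalid Syntax"`) it appears to be a generic error report, so a comment such as `# generic error report: {0} = error class, {1} = error text` would document it — confirm that this is the intended use.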
