eric: comparison eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/djangoXssVulnerability.py

-:fb0ef164f536
+:698ae46f40a4
 "M",
 "H"
 )
-class DeepAssignation(object):
+class DeepAssignation:
 """
 Class to perform a deep analysis of an assign.
 """
 def __init__(self, varName, ignoreNodes=None):
 """
 @type ast.AST
 @return flag indicating an assignement
 @rtype bool
 """
 assigned = False
-if self.__ignoreNodes:
+if (
-if isinstance(self.__ignoreNodes, (list, tuple, object)):
+self.__ignoreNodes and
-if isinstance(node, self.__ignoreNodes):
+isinstance(self.__ignoreNodes, (list, tuple, object)) and
-return assigned
+isinstance(node, self.__ignoreNodes)
+):
+return assigned
 if isinstance(node, ast.Expr):
 assigned = self.isAssigned(node.value)
 elif isinstance(node, ast.FunctionDef):
 for name in node.args.args:
-if isinstance(name, ast.Name):
+if (
-if name.id == self.var_name.id:
+isinstance(name, ast.Name) and
-# If is param the assignations are not affected
+name.id == self.var_name.id
-return assigned
+):
+# If is param the assignations are not affected
+return assigned
 assigned = self.isAssignedIn(node.body)
 elif isinstance(node, ast.With):
 for withitem in node.items:
 varId = getattr(withitem.optional_vars, 'id', None)
-if varId == self.__varName.id:
+assigned = (
-assigned = node
+node
-else:
+if varId == self.__varName.id else
-assigned = self.isAssignedIn(node.body)
+self.isAssignedIn(node.body)
+)
 elif isinstance(node, ast.Try):
 assigned = []
 assigned.extend(self.isAssignedIn(node.body))
 assigned.extend(self.isAssignedIn(node.handlers))
 assigned.extend(self.isAssignedIn(node.orelse))
 assigned.extend(self.isAssignedIn(node.body))
 elif isinstance(node, (ast.If, ast.For, ast.While)):
 assigned = []
 assigned.extend(self.isAssignedIn(node.body))
 assigned.extend(self.isAssignedIn(node.orelse))
-elif isinstance(node, ast.AugAssign):
+elif (
-if isinstance(node.target, ast.Name):
+isinstance(node, ast.AugAssign) and
-if node.target.id == self.__varName.id:
+isinstance(node.target, ast.Name) and
-assigned = node.value
+node.target.id == self.__varName.id
+):
+assigned = node.value
 elif isinstance(node, ast.Assign) and node.targets:
 target = node.targets[0]
 if isinstance(target, ast.Name):
 if target.id == self.__varName.id:
 assigned = node.value
 elif isinstance(target, ast.Tuple):
-pos = 0
+for pos, name in enumerate(target.elts):
-for name in target.elts:
 if name.id == self.__varName.id:
 assigned = node.value.elts[pos]
 break
-pos += 1
 return assigned
 def evaluateVar(xssVar, parent, until, ignoreNodes=None):
 @return flag indicating a secure evaluation
 @rtype bool
 """
 secure = False
 if isinstance(xssVar, ast.Name):
-if isinstance(parent, ast.FunctionDef):
+if (
-for name in parent.args.args:
+isinstance(parent, ast.FunctionDef) and
-if name.arg == xssVar.id:
+any(name.arg == xssVar.id for name in parent.args.args)
-return False  # Params are not secure
+):
+return False  # Params are not secure
 analyser = DeepAssignation(xssVar, ignoreNodes)
 for node in parent.body:
 if node.lineno >= until:
 break
 @rtype bool
 """
 secure = False
 evaluate = False
-if isinstance(call, ast.Call) and isinstance(call.func, ast.Attribute):
+if (
-if (
+isinstance(call, ast.Call) and
-AstUtilities.isString(call.func.value) and
+isinstance(call.func, ast.Attribute) and
-call.func.attr == 'format'
+AstUtilities.isString(call.func.value) and
-):
+call.func.attr == 'format'
-evaluate = True
+):
-if call.keywords:
+evaluate = True
-evaluate = False
+if call.keywords:
+evaluate = False
 if evaluate:
 args = list(call.args)
 numSecure = 0

Mercurial Repositories > eric / file comparison

comparison: eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/djangoXssVulnerability.py

eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/djangoXssVulnerability.py