Mercurial Repositories > eric / file comparison
comparison: src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/prohibitedImports.py
src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/prohibitedImports.py
- branch
- eric7
- changeset 10503
- 6a37b6ac3928
- parent 10439
- 21c28b0f9e41
- child 10507
- d1c6608155ef
equal
deleted
inserted
replaced
| 10502:89b8e0a67fde | 10503:6a37b6ac3928 |
|---|---|
| 1 # -*- coding: utf-8 -*- | |
| 2 | |
| 3 # Copyright (c) 2020 - 2024 Detlev Offenbach <detlev@die-offenbachs.de> | |
| 4 # | |
| 5 | |
| 6 """ | |
| 7 Module implementing checks for prohibited imports. | |
| 8 """ | |
| 9 | |
| 10 # | |
| 11 # This is a modified version of the one found in the bandit package. | |
| 12 # | |
| 13 # Original Copyright 2016 Hewlett-Packard Development Company, L.P. | |
| 14 # | |
| 15 # SPDX-License-Identifier: Apache-2.0 | |
| 16 # | |
| 17 | |
| 18 _prohibitedImports = { | |
| 19 "S401": (["telnetlib"], "H"), | |
| 20 "S402": (["ftplib"], "H"), | |
| 21 "S403": (["pickle", "cPickle", "dill", "shelve"], "L"), | |
| 22 "S404": (["subprocess"], "L"), | |
| 23 "S405": (["xml.etree.cElementTree", "xml.etree.ElementTree"], "L"), | |
| 24 "S406": (["xml.sax"], "L"), | |
| 25 "S407": (["xml.dom.expatbuilder"], "L"), | |
| 26 "S408": (["xml.dom.minidom"], "L"), | |
| 27 "S409": (["xml.dom.pulldom"], "L"), | |
| 28 "S410": (["lxml"], "L"), | |
| 29 "S411": (["xmlrpclib"], "H"), | |
| 30 "S412": ( | |
| 31 [ | |
| 32 "wsgiref.handlers.CGIHandler", | |
| 33 "twisted.web.twcgi.CGIScript", | |
| 34 "twisted.web.twcgi.CGIDirectory", | |
| 35 ], | |
| 36 "H", | |
| 37 ), | |
| 38 "S413": ( | |
| 39 [ | |
| 40 "Crypto.Cipher", | |
| 41 "Crypto.Hash", | |
| 42 "Crypto.IO", | |
| 43 "Crypto.Protocol", | |
| 44 "Crypto.PublicKey", | |
| 45 "Crypto.Random", | |
| 46 "Crypto.Signature", | |
| 47 "Crypto.Util", | |
| 48 ], | |
| 49 "H", | |
| 50 ), | |
| 51 "S414": (["pyghmi"], "H"), | |
| 52 } | |
| 53 | |
| 54 | |
| 55 def getChecks(): | |
| 56 """ | |
| 57 Public method to get a dictionary with checks handled by this module. | |
| 58 | |
| 59 @return dictionary containing checker lists containing checker function and | |
| 60 list of codes | |
| 61 @rtype dict | |
| 62 """ | |
| 63 return { | |
| 64 "Import": [ | |
| 65 (checkProhibitedImports, tuple(_prohibitedImports)), | |
| 66 ], | |
| 67 "ImportFrom": [ | |
| 68 (checkProhibitedImports, tuple(_prohibitedImports)), | |
| 69 ], | |
| 70 "Call": [ | |
| 71 (checkProhibitedImports, tuple(_prohibitedImports)), | |
| 72 ], | |
| 73 } | |
| 74 | |
| 75 | |
| 76 def checkProhibitedImports(reportError, context, config): # noqa: U100 | |
| 77 """ | |
| 78 Function to check for prohibited imports. | |
| 79 | |
| 80 @param reportError function to be used to report errors | |
| 81 @type func | |
| 82 @param context security context object | |
| 83 @type SecurityContext | |
| 84 @param config dictionary with configuration data | |
| 85 @type dict | |
| 86 """ | |
| 87 nodeType = context.node.__class__.__name__ | |
| 88 | |
| 89 if nodeType.startswith("Import"): | |
| 90 prefix = "" | |
| 91 if nodeType == "ImportFrom" and context.node.module is not None: | |
| 92 prefix = context.node.module + "." | |
| 93 | |
| 94 for code in _prohibitedImports: | |
| 95 qualnames, severity = _prohibitedImports[code] | |
| 96 for name in context.node.names: | |
| 97 for qualname in qualnames: | |
| 98 if (prefix + name.name).startswith(qualname): | |
| 99 reportError( | |
| 100 context.node.lineno - 1, | |
| 101 context.node.col_offset, | |
| 102 code, | |
| 103 severity, | |
| 104 "H", | |
| 105 name.name, | |
| 106 ) |
