Mercurial Repositories > eric / file comparison
comparison: src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/djangoSqlInjection.py
src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/djangoSqlInjection.py
- branch
- eric7
- changeset 10683
- 779cda568acb
- parent 10507
- d1c6608155ef
- child 11090
- f5f5f5803935
equal
deleted
inserted
replaced
| 10682:47be220abdaf | 10683:779cda568acb |
|---|---|
| 50 if isinstance(node, ast.keyword): | 50 if isinstance(node, ast.keyword): |
| 51 kwargs[node.arg] = node.value | 51 kwargs[node.arg] = node.value |
| 52 return kwargs | 52 return kwargs |
| 53 | 53 |
| 54 | 54 |
| 55 def checkDjangoExtraUsed(reportError, context, config): # noqa: U100 | 55 def checkDjangoExtraUsed(reportError, context, _config): |
| 56 """ | 56 """ |
| 57 Function to check for potential SQL injection on extra function. | 57 Function to check for potential SQL injection on extra function. |
| 58 | 58 |
| 59 @param reportError function to be used to report errors | 59 @param reportError function to be used to report errors |
| 60 @type func | 60 @type func |
| 61 @param context security context object | 61 @param context security context object |
| 62 @type SecurityContext | 62 @type SecurityContext |
| 63 @param config dictionary with configuration data | 63 @param _config dictionary with configuration data (unused) |
| 64 @type dict | 64 @type dict |
| 65 """ | 65 """ |
| 66 if context.callFunctionName == "extra": | 66 if context.callFunctionName == "extra": |
| 67 kwargs = keywords2dict(context.node.keywords) | 67 kwargs = keywords2dict(context.node.keywords) |
| 68 args = context.node.args | 68 args = context.node.args |
| 108 reportError( | 108 reportError( |
| 109 context.node.lineno - 1, context.node.col_offset, "S610", "M", "M" | 109 context.node.lineno - 1, context.node.col_offset, "S610", "M", "M" |
| 110 ) | 110 ) |
| 111 | 111 |
| 112 | 112 |
| 113 def checkDjangoRawSqlUsed(reportError, context, config): # noqa: U100 | 113 def checkDjangoRawSqlUsed(reportError, context, _config): |
| 114 """ | 114 """ |
| 115 Function to check for potential SQL injection on RawSQL function. | 115 Function to check for potential SQL injection on RawSQL function. |
| 116 | 116 |
| 117 @param reportError function to be used to report errors | 117 @param reportError function to be used to report errors |
| 118 @type func | 118 @type func |
| 119 @param context security context object | 119 @param context security context object |
| 120 @type SecurityContext | 120 @type SecurityContext |
| 121 @param config dictionary with configuration data | 121 @param _config dictionary with configuration data (unused) |
| 122 @type dict | 122 @type dict |
| 123 """ | 123 """ |
| 124 if ( | 124 if ( |
| 125 context.isModuleImportedLike("django.db.models") | 125 context.isModuleImportedLike("django.db.models") |
| 126 and context.callFunctionName == "RawSQL" | 126 and context.callFunctionName == "RawSQL" |
