Mercurial Repositories > eric / file comparison
comparison: eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/blackListImports.py
eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/blackListImports.py
- branch
- eric7
- changeset 8312
- 800c432b34c8
- parent 8222
- 5994b80b8760
- child 8881
- 54e42bc2437a
equal
deleted
inserted
replaced
| 8311:4e8b98454baa | 8312:800c432b34c8 |
|---|---|
| 1 # -*- coding: utf-8 -*- | |
| 2 | |
| 3 # Copyright (c) 2020 - 2021 Detlev Offenbach <detlev@die-offenbachs.de> | |
| 4 # | |
| 5 | |
| 6 """ | |
| 7 Module implementing checks for blacklisted imports. | |
| 8 """ | |
| 9 | |
| 10 # | |
| 11 # This is a modified version of the one found in the bandit package. | |
| 12 # | |
| 13 # Original Copyright 2016 Hewlett-Packard Development Company, L.P. | |
| 14 # | |
| 15 # SPDX-License-Identifier: Apache-2.0 | |
| 16 # | |
| 17 | |
| 18 _blacklists = { | |
| 19 "S401": ([ | |
| 20 'telnetlib'], | |
| 21 "H"), | |
| 22 "S402": ([ | |
| 23 'ftplib'], | |
| 24 "H"), | |
| 25 "S403": ([ | |
| 26 'pickle', | |
| 27 'cPickle', | |
| 28 'dill', | |
| 29 'shelve'], | |
| 30 "L"), | |
| 31 "S404": ([ | |
| 32 'subprocess'], | |
| 33 "L"), | |
| 34 "S405": ([ | |
| 35 'xml.etree.cElementTree', | |
| 36 'xml.etree.ElementTree'], | |
| 37 "L"), | |
| 38 "S406": ([ | |
| 39 'xml.sax'], | |
| 40 "L"), | |
| 41 "S407": ([ | |
| 42 'xml.dom.expatbuilder'], | |
| 43 "L"), | |
| 44 "S408": ([ | |
| 45 'xml.dom.minidom'], | |
| 46 "L"), | |
| 47 "S409": ([ | |
| 48 'xml.dom.pulldom'], | |
| 49 "L"), | |
| 50 "S410": ([ | |
| 51 'lxml'], | |
| 52 "L"), | |
| 53 "S411": ([ | |
| 54 'xmlrpclib'], | |
| 55 "H"), | |
| 56 "S412": ([ | |
| 57 'wsgiref.handlers.CGIHandler', | |
| 58 'twisted.web.twcgi.CGIScript', | |
| 59 'twisted.web.twcgi.CGIDirectory'], | |
| 60 "H"), | |
| 61 "S413": ([ | |
| 62 'Crypto.Cipher', | |
| 63 'Crypto.Hash', | |
| 64 'Crypto.IO', | |
| 65 'Crypto.Protocol', | |
| 66 'Crypto.PublicKey', | |
| 67 'Crypto.Random', | |
| 68 'Crypto.Signature', | |
| 69 'Crypto.Util'], | |
| 70 "H"), | |
| 71 } | |
| 72 | |
| 73 | |
| 74 def getChecks(): | |
| 75 """ | |
| 76 Public method to get a dictionary with checks handled by this module. | |
| 77 | |
| 78 @return dictionary containing checker lists containing checker function and | |
| 79 list of codes | |
| 80 @rtype dict | |
| 81 """ | |
| 82 return { | |
| 83 "Import": [ | |
| 84 (checkBlacklist, tuple(_blacklists.keys())), | |
| 85 ], | |
| 86 "ImportFrom": [ | |
| 87 (checkBlacklist, tuple(_blacklists.keys())), | |
| 88 ], | |
| 89 "Call": [ | |
| 90 (checkBlacklist, tuple(_blacklists.keys())), | |
| 91 ], | |
| 92 } | |
| 93 | |
| 94 | |
| 95 def checkBlacklist(reportError, context, config): | |
| 96 """ | |
| 97 Function to check for blacklisted method calls. | |
| 98 | |
| 99 @param reportError function to be used to report errors | |
| 100 @type func | |
| 101 @param context security context object | |
| 102 @type SecurityContext | |
| 103 @param config dictionary with configuration data | |
| 104 @type dict | |
| 105 """ | |
| 106 nodeType = context.node.__class__.__name__ | |
| 107 | |
| 108 if nodeType.startswith('Import'): | |
| 109 prefix = "" | |
| 110 if ( | |
| 111 nodeType == "ImportFrom" and | |
| 112 context.node.module is not None | |
| 113 ): | |
| 114 prefix = context.node.module + "." | |
| 115 | |
| 116 for code in _blacklists: | |
| 117 qualnames, severity = _blacklists[code] | |
| 118 for name in context.node.names: | |
| 119 for qualname in qualnames: | |
| 120 if (prefix + name.name).startswith(qualname): | |
| 121 reportError( | |
| 122 context.node.lineno - 1, | |
| 123 context.node.col_offset, | |
| 124 code, | |
| 125 severity, | |
| 126 "H", | |
| 127 name.name | |
| 128 ) |
