Mercurial Repositories > eric / file comparison

comparison: src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/generalFilePermissions.py

src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/generalFilePermissions.py

branch
eric7
changeset 9325
8157eb19aba5
parent 9221
bf71ee032bb4
child 9653
e67609152c5e
equal deleted inserted replaced
9324:7f7f3e47b238 9325:8157eb19aba5
31 (checkFilePermissions, ("S102",)), 31 (checkFilePermissions, ("S102",)),
32 ], 32 ],
33 } 33 }
34 34
35 35
36 def _statIsDangerous(mode):
37 """
38 Function to check for dangerous stat values.
39
40 @param mode file mode to be checked
41 @type int
42 @return mode with masked dangerous values
43 @rtype int
44 """
45 return (
46 mode & stat.S_IWOTH
47 or mode & stat.S_IWGRP
48 or mode & stat.S_IXGRP
49 or mode & stat.S_IXOTH
50 )
51
52
36 def checkFilePermissions(reportError, context, config): 53 def checkFilePermissions(reportError, context, config):
37 """ 54 """
38 Function to check for setting too permissive file permissions. 55 Function to check for setting too permissive file permissions.
39 56
40 @param reportError function to be used to report errors 57 @param reportError function to be used to report errors
45 @type dict 62 @type dict
46 """ 63 """
47 if "chmod" in context.callFunctionName and context.callArgsCount == 2: 64 if "chmod" in context.callFunctionName and context.callArgsCount == 2:
48 mode = context.getCallArgAtPosition(1) 65 mode = context.getCallArgAtPosition(1)
49 66
50 if ( 67 if mode is not None and isinstance(mode, int) and _statIsDangerous(mode):
51 mode is not None
52 and isinstance(mode, int)
53 and (mode & stat.S_IWOTH or mode & stat.S_IXGRP)
54 ):
55 # world writable is an HIGH, group executable is a MEDIUM 68 # world writable is an HIGH, group executable is a MEDIUM
56 if mode & stat.S_IWOTH: 69 if mode & stat.S_IWOTH:
57 severity = "H" 70 severity = "H"
58 else: 71 else:
59 severity = "M" 72 severity = "M"

Mercurial Repository: eric

eric ide

mercurial