src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py

branch
eric7
changeset 9325
8157eb19aba5
parent 9221
bf71ee032bb4
child 9576
be9f8e7e42e0
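--- a/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py
+++ b/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py
@@ -40,19 +40,42 @@
 ),
 # hardcoded tmp directory
 "S108": QCoreApplication.translate(
 "Security", "Probable insecure usage of temp file/directory."
 ),
-# try-except
+# try-except and contextlib.suppress
 "S110": QCoreApplication.translate("Security", "Try, Except, Pass detected."),
 "S112": QCoreApplication.translate("Security", "Try, Except, Continue detected."),
+"S113": QCoreApplication.translate("Security", "'contextlib.suppress()' detected."),
+# request without timeout
+"S114.1": QCoreApplication.translate("Security", "Requests call without timeout."),
+"S114.2": QCoreApplication.translate(
+"Security",
+"Requests call with timeout set to None.",
+),
 # flask app
 "S201": QCoreApplication.translate(
 "Security",
 "A Flask app appears to be run with debug=True, which exposes the"
 " Werkzeug debugger and allows the execution of arbitrary code.",
 ),
+# tarfile.extractall
+"S202.1": QCoreApplication.translate(
+"Security",
+"Usage of 'tarfile.extractall(members=function(tarfile))'. "
+"Make sure your function properly discards dangerous members ({0}).",
+),
+"S202.2": QCoreApplication.translate(
+"Security",
+"Found 'tarfile.extractall(members=?)' but couldn't identify the type of"
+" members. Check if the members were properly validated ({0}).",
+),
+"S202.3": QCoreApplication.translate(
+"Security",
+"'tarfile.extractall()' used without any validation. Please check and"
+" discard dangerous members.",
+),
 # blacklisted calls
 "S301": QCoreApplication.translate(
 "Security",
 "Pickle and modules that wrap it can be unsafe when used to "
 "deserialize untrusted data, possible security issue.",
@@ -74,11 +97,11 @@
 "S306": QCoreApplication.translate(
 "Security", "Use of insecure and deprecated function (mktemp)."
 ),
 "S307": QCoreApplication.translate(
 "Security",
-"Use of possibly insecure function - consider using safer" " ast.literal_eval.",
+"Use of possibly insecure function - consider using safer ast.literal_eval.",
 ),
 "S308": QCoreApplication.translate(
 "Security",
 "Use of mark_safe() may expose cross-site scripting vulnerabilities"
 " and should be reviewed.",
@@ -179,10 +202,14 @@
 ),
 # hashlib.new
 "S331": QCoreApplication.translate(
 "Security", "Use of insecure {0} hash function."
 ),
+"S332": QCoreApplication.translate(
+"Security",
+"Use of insecure {0} hash for security. Consider" " 'usedforsecurity=False'.",
+),
 # blacklisted imports
 "S401": QCoreApplication.translate(
 "Security",
 "A telnet-related module is being imported. Telnet is considered"
 " insecure. Use SSH or some other encrypted protocol.",
@@ -192,15 +219,15 @@
 "A FTP-related module is being imported. FTP is considered"
 " insecure. Use SSH/SFTP/SCP or some other encrypted protocol.",
 ),
 "S403": QCoreApplication.translate(
 "Security",
-"Consider possible security implications associated with the '{0}'" " module.",
+"Consider possible security implications associated with the '{0}' module.",
 ),
 "S404": QCoreApplication.translate(
 "Security",
-"Consider possible security implications associated with the '{0}'" " module.",
+"Consider possible security implications associated with the '{0}' module.",
 ),
 "S405": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable"
 " to XML attacks. Replace '{0}' with the equivalent defusedxml"
@@ -242,18 +269,23 @@
 " to XML attacks. Use defused.xmlrpc.monkey_patch() function to"
 " monkey-patch xmlrpclib and mitigate XML vulnerabilities.",
 ),
 "S412": QCoreApplication.translate(
 "Security",
-"Consider possible security implications associated with '{0}'" " module.",
+"Consider possible security implications associated with '{0}' module.",
 ),
 "S413": QCoreApplication.translate(
 "Security",
 "The pyCrypto library and its module '{0}' are no longer actively"
 " maintained and have been deprecated. Consider using"
 " pyca/cryptography library.",
 ),
+"S414": QCoreApplication.translate(
+"Security",
+"An IPMI-related module is being imported. IPMI is considered "
+"insecure. Use an encrypted protocol.",
+),
 # insecure certificate usage
 "S501": QCoreApplication.translate(
 "Security",
 "'requests' call with verify=False disabling SSL certificate checks,"
 " security issue.",
@@ -295,11 +327,21 @@
 " objects. Consider 'yaml.safe_load()'.",
 ),
 # SSH host key verification
 "S507": QCoreApplication.translate(
 "Security",
-"Paramiko call with policy set to automatically trust the unknown" " host key.",
+"Paramiko call with policy set to automatically trust the unknown host key.",
+),
+# insecure SNMP
+"S508": QCoreApplication.translate(
+"Security",
+"The use of SNMPv1 and SNMPv2 is insecure. You should use SNMPv3 if possible.",
+),
+"S509": QCoreApplication.translate(
+"Security",
+"You should not use SNMPv3 without encryption. noAuthNoPriv & authNoPriv is"
+" insecure.",
 ),
 # Shell injection
 "S601": QCoreApplication.translate(
 "Security",
 "Possible shell injection via 'Paramiko' call, check inputs are"
@@ -338,11 +380,11 @@
 "Security", "Starting a process with a partial executable path."
 ),
 # SQL injection
 "S608": QCoreApplication.translate(
 "Security",
-"Possible SQL injection vector through string-based query" " construction.",
+"Possible SQL injection vector through string-based query construction.",
 ),
 # Wildcard injection
 "S609": QCoreApplication.translate(
 "Security", "Possible wildcard injection in call: {0}"
 ),
@@ -390,10 +432,12 @@
 _securityMessagesSampleArgs = {
 "S103": ["0o777", "testfile.txt"],
 "S105": ["password"],
 "S106": ["password"],
 "S107": ["password"],
+"S202.1": ["members_filter(tar)"],
+"S202.2": ["tar"],
 "S304": ["Crypto.Cipher.DES"],
 "S305": ["cryptography.hazmat.primitives.ciphers.modes.ECB"],
 "S313": ["xml.etree.cElementTree.parse"],
 "S314": ["xml.etree.ElementTree.parse"],
 "S315": ["xml.sax.expatreader.create_parser"],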
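Review bot: The new S332 message at new line 209 keeps the implicit string concatenation `"Consider" " 'usedforsecurity=False'."` that this same commit joins into a single literal everywhere else (S307, S403, S404, S412, S507, S608), so it reads as a line the reformat missed; suggest `"Use of insecure {0} hash for security. Consider 'usedforsecurity=False'.",` as one literal. S332 also carries a `{0}` placeholder while the `_securityMessagesSampleArgs` hunk adds sample arguments only for S202.1 and S202.2; whether S331 and S332 already have entries cannot be seen here because that hunk ends at S315, so confirm the dict covers them, since a message with an unfilled placeholder would presumably show a literal `{0}` in the checker's message preview. A wording nit in the new S509 text at new line 341: `noAuthNoPriv & authNoPriv is insecure` should read `are insecure`. The dictionary these hunks modify begins and ends outside the visible section.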
