Mercurial Repositories > eric / file comparison
comparison: src/eric7/Documentation/Source/eric7.Plugins.CheckerPlugins.CodeStyleChecker.Security.Checks.injectionShell.html
src/eric7/Documentation/Source/eric7.Plugins.CheckerPlugins.CodeStyleChecker.Security.Checks.injectionShell.html
- branch
- eric7
- changeset 9209
- b99e7fd55fd3
- parent 8596
- d64760b2da50
- child 9325
- 8157eb19aba5
equal
deleted
inserted
replaced
| 9208:3fc8dfeb6ebe | 9209:b99e7fd55fd3 |
|---|---|
| 1 <!DOCTYPE html> | |
| 2 <html><head> | |
| 3 <title>eric7.Plugins.CheckerPlugins.CodeStyleChecker.Security.Checks.injectionShell</title> | |
| 4 <meta charset="UTF-8"> | |
| 5 <link rel="stylesheet" href="styles.css"> | |
| 6 </head> | |
| 7 <body> | |
| 8 <a NAME="top" ID="top"></a> | |
| 9 <h1>eric7.Plugins.CheckerPlugins.CodeStyleChecker.Security.Checks.injectionShell</h1> | |
| 10 | |
| 11 <p> | |
| 12 Module implementing a check for shell injection. | |
| 13 </p> | |
| 14 <h3>Global Attributes</h3> | |
| 15 | |
| 16 <table> | |
| 17 <tr><td>fullPathMatchRe</td></tr> | |
| 18 </table> | |
| 19 <h3>Classes</h3> | |
| 20 | |
| 21 <table> | |
| 22 <tr><td>None</td></tr> | |
| 23 </table> | |
| 24 <h3>Functions</h3> | |
| 25 | |
| 26 <table> | |
| 27 | |
| 28 <tr> | |
| 29 <td><a href="#_evaluateShellCall">_evaluateShellCall</a></td> | |
| 30 <td>Function to determine the severity of a shell call.</td> | |
| 31 </tr> | |
| 32 <tr> | |
| 33 <td><a href="#checkOtherFunctionWithShell">checkOtherFunctionWithShell</a></td> | |
| 34 <td>Function to check for any function with shell equals true.</td> | |
| 35 </tr> | |
| 36 <tr> | |
| 37 <td><a href="#checkStartProcessWithNoShell">checkStartProcessWithNoShell</a></td> | |
| 38 <td>Function to check for starting a process with no shell.</td> | |
| 39 </tr> | |
| 40 <tr> | |
| 41 <td><a href="#checkStartProcessWithPartialPath">checkStartProcessWithPartialPath</a></td> | |
| 42 <td>Function to check for starting a process with no shell.</td> | |
| 43 </tr> | |
| 44 <tr> | |
| 45 <td><a href="#checkStartProcessWithShell">checkStartProcessWithShell</a></td> | |
| 46 <td>Function to check for starting a process with a shell.</td> | |
| 47 </tr> | |
| 48 <tr> | |
| 49 <td><a href="#checkSubprocessPopenWithShell">checkSubprocessPopenWithShell</a></td> | |
| 50 <td>Function to check for use of popen with shell equals true.</td> | |
| 51 </tr> | |
| 52 <tr> | |
| 53 <td><a href="#checkSubprocessPopenWithoutShell">checkSubprocessPopenWithoutShell</a></td> | |
| 54 <td>Function to check for use of popen without shell equals true.</td> | |
| 55 </tr> | |
| 56 <tr> | |
| 57 <td><a href="#getChecks">getChecks</a></td> | |
| 58 <td>Public method to get a dictionary with checks handled by this module.</td> | |
| 59 </tr> | |
| 60 <tr> | |
| 61 <td><a href="#hasShell">hasShell</a></td> | |
| 62 <td>Function to check, if the node of the context contains the shell keyword.</td> | |
| 63 </tr> | |
| 64 </table> | |
| 65 <hr /> | |
| 66 <hr /> | |
| 67 <a NAME="_evaluateShellCall" ID="_evaluateShellCall"></a> | |
| 68 <h2>_evaluateShellCall</h2> | |
| 69 <b>_evaluateShellCall</b>(<i>context</i>) | |
| 70 | |
| 71 <p> | |
| 72 Function to determine the severity of a shell call. | |
| 73 </p> | |
| 74 <dl> | |
| 75 | |
| 76 <dt><i>context</i> (SecurityContext)</dt> | |
| 77 <dd> | |
| 78 context to be inspected | |
| 79 </dd> | |
| 80 </dl> | |
| 81 <dl> | |
| 82 <dt>Return:</dt> | |
| 83 <dd> | |
| 84 severity level (L, M or H) | |
| 85 </dd> | |
| 86 </dl> | |
| 87 <dl> | |
| 88 <dt>Return Type:</dt> | |
| 89 <dd> | |
| 90 str | |
| 91 </dd> | |
| 92 </dl> | |
| 93 <div align="right"><a href="#top">Up</a></div> | |
| 94 <hr /> | |
| 95 <hr /> | |
| 96 <a NAME="checkOtherFunctionWithShell" ID="checkOtherFunctionWithShell"></a> | |
| 97 <h2>checkOtherFunctionWithShell</h2> | |
| 98 <b>checkOtherFunctionWithShell</b>(<i>reportError, context, config</i>) | |
| 99 | |
| 100 <p> | |
| 101 Function to check for any function with shell equals true. | |
| 102 </p> | |
| 103 <dl> | |
| 104 | |
| 105 <dt><i>reportError</i> (func)</dt> | |
| 106 <dd> | |
| 107 function to be used to report errors | |
| 108 </dd> | |
| 109 <dt><i>context</i> (SecurityContext)</dt> | |
| 110 <dd> | |
| 111 security context object | |
| 112 </dd> | |
| 113 <dt><i>config</i> (dict)</dt> | |
| 114 <dd> | |
| 115 dictionary with configuration data | |
| 116 </dd> | |
| 117 </dl> | |
| 118 <div align="right"><a href="#top">Up</a></div> | |
| 119 <hr /> | |
| 120 <hr /> | |
| 121 <a NAME="checkStartProcessWithNoShell" ID="checkStartProcessWithNoShell"></a> | |
| 122 <h2>checkStartProcessWithNoShell</h2> | |
| 123 <b>checkStartProcessWithNoShell</b>(<i>reportError, context, config</i>) | |
| 124 | |
| 125 <p> | |
| 126 Function to check for starting a process with no shell. | |
| 127 </p> | |
| 128 <dl> | |
| 129 | |
| 130 <dt><i>reportError</i> (func)</dt> | |
| 131 <dd> | |
| 132 function to be used to report errors | |
| 133 </dd> | |
| 134 <dt><i>context</i> (SecurityContext)</dt> | |
| 135 <dd> | |
| 136 security context object | |
| 137 </dd> | |
| 138 <dt><i>config</i> (dict)</dt> | |
| 139 <dd> | |
| 140 dictionary with configuration data | |
| 141 </dd> | |
| 142 </dl> | |
| 143 <div align="right"><a href="#top">Up</a></div> | |
| 144 <hr /> | |
| 145 <hr /> | |
| 146 <a NAME="checkStartProcessWithPartialPath" ID="checkStartProcessWithPartialPath"></a> | |
| 147 <h2>checkStartProcessWithPartialPath</h2> | |
| 148 <b>checkStartProcessWithPartialPath</b>(<i>reportError, context, config</i>) | |
| 149 | |
| 150 <p> | |
| 151 Function to check for starting a process with no shell. | |
| 152 </p> | |
| 153 <dl> | |
| 154 | |
| 155 <dt><i>reportError</i> (func)</dt> | |
| 156 <dd> | |
| 157 function to be used to report errors | |
| 158 </dd> | |
| 159 <dt><i>context</i> (SecurityContext)</dt> | |
| 160 <dd> | |
| 161 security context object | |
| 162 </dd> | |
| 163 <dt><i>config</i> (dict)</dt> | |
| 164 <dd> | |
| 165 dictionary with configuration data | |
| 166 </dd> | |
| 167 </dl> | |
| 168 <div align="right"><a href="#top">Up</a></div> | |
| 169 <hr /> | |
| 170 <hr /> | |
| 171 <a NAME="checkStartProcessWithShell" ID="checkStartProcessWithShell"></a> | |
| 172 <h2>checkStartProcessWithShell</h2> | |
| 173 <b>checkStartProcessWithShell</b>(<i>reportError, context, config</i>) | |
| 174 | |
| 175 <p> | |
| 176 Function to check for starting a process with a shell. | |
| 177 </p> | |
| 178 <dl> | |
| 179 | |
| 180 <dt><i>reportError</i> (func)</dt> | |
| 181 <dd> | |
| 182 function to be used to report errors | |
| 183 </dd> | |
| 184 <dt><i>context</i> (SecurityContext)</dt> | |
| 185 <dd> | |
| 186 security context object | |
| 187 </dd> | |
| 188 <dt><i>config</i> (dict)</dt> | |
| 189 <dd> | |
| 190 dictionary with configuration data | |
| 191 </dd> | |
| 192 </dl> | |
| 193 <div align="right"><a href="#top">Up</a></div> | |
| 194 <hr /> | |
| 195 <hr /> | |
| 196 <a NAME="checkSubprocessPopenWithShell" ID="checkSubprocessPopenWithShell"></a> | |
| 197 <h2>checkSubprocessPopenWithShell</h2> | |
| 198 <b>checkSubprocessPopenWithShell</b>(<i>reportError, context, config</i>) | |
| 199 | |
| 200 <p> | |
| 201 Function to check for use of popen with shell equals true. | |
| 202 </p> | |
| 203 <dl> | |
| 204 | |
| 205 <dt><i>reportError</i> (func)</dt> | |
| 206 <dd> | |
| 207 function to be used to report errors | |
| 208 </dd> | |
| 209 <dt><i>context</i> (SecurityContext)</dt> | |
| 210 <dd> | |
| 211 security context object | |
| 212 </dd> | |
| 213 <dt><i>config</i> (dict)</dt> | |
| 214 <dd> | |
| 215 dictionary with configuration data | |
| 216 </dd> | |
| 217 </dl> | |
| 218 <div align="right"><a href="#top">Up</a></div> | |
| 219 <hr /> | |
| 220 <hr /> | |
| 221 <a NAME="checkSubprocessPopenWithoutShell" ID="checkSubprocessPopenWithoutShell"></a> | |
| 222 <h2>checkSubprocessPopenWithoutShell</h2> | |
| 223 <b>checkSubprocessPopenWithoutShell</b>(<i>reportError, context, config</i>) | |
| 224 | |
| 225 <p> | |
| 226 Function to check for use of popen without shell equals true. | |
| 227 </p> | |
| 228 <dl> | |
| 229 | |
| 230 <dt><i>reportError</i> (func)</dt> | |
| 231 <dd> | |
| 232 function to be used to report errors | |
| 233 </dd> | |
| 234 <dt><i>context</i> (SecurityContext)</dt> | |
| 235 <dd> | |
| 236 security context object | |
| 237 </dd> | |
| 238 <dt><i>config</i> (dict)</dt> | |
| 239 <dd> | |
| 240 dictionary with configuration data | |
| 241 </dd> | |
| 242 </dl> | |
| 243 <div align="right"><a href="#top">Up</a></div> | |
| 244 <hr /> | |
| 245 <hr /> | |
| 246 <a NAME="getChecks" ID="getChecks"></a> | |
| 247 <h2>getChecks</h2> | |
| 248 <b>getChecks</b>(<i></i>) | |
| 249 | |
| 250 <p> | |
| 251 Public method to get a dictionary with checks handled by this module. | |
| 252 </p> | |
| 253 <dl> | |
| 254 <dt>Return:</dt> | |
| 255 <dd> | |
| 256 dictionary containing checker lists containing checker function and | |
| 257 list of codes | |
| 258 </dd> | |
| 259 </dl> | |
| 260 <dl> | |
| 261 <dt>Return Type:</dt> | |
| 262 <dd> | |
| 263 dict | |
| 264 </dd> | |
| 265 </dl> | |
| 266 <div align="right"><a href="#top">Up</a></div> | |
| 267 <hr /> | |
| 268 <hr /> | |
| 269 <a NAME="hasShell" ID="hasShell"></a> | |
| 270 <h2>hasShell</h2> | |
| 271 <b>hasShell</b>(<i>context</i>) | |
| 272 | |
| 273 <p> | |
| 274 Function to check, if the node of the context contains the shell keyword. | |
| 275 </p> | |
| 276 <dl> | |
| 277 | |
| 278 <dt><i>context</i> (SecurityContext)</dt> | |
| 279 <dd> | |
| 280 context to be inspected | |
| 281 </dd> | |
| 282 </dl> | |
| 283 <dl> | |
| 284 <dt>Return:</dt> | |
| 285 <dd> | |
| 286 tuple containing a flag indicating the presence of the 'shell' | |
| 287 argument and flag indicating the value of the 'shell' argument | |
| 288 </dd> | |
| 289 </dl> | |
| 290 <dl> | |
| 291 <dt>Return Type:</dt> | |
| 292 <dd> | |
| 293 tuple of (bool, bool) | |
| 294 </dd> | |
| 295 </dl> | |
| 296 <div align="right"><a href="#top">Up</a></div> | |
| 297 <hr /> | |
| 298 </body></html> |
