Mercurial Repositories > eric / file comparison
comparison: src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/generalHardcodedPassword.py
src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/generalHardcodedPassword.py
- branch
- eric7
- changeset 9221
- bf71ee032bb4
- parent 9209
- b99e7fd55fd3
- child 9653
- e67609152c5e
equal
deleted
inserted
replaced
| 9220:e9e7eca7efee | 9221:bf71ee032bb4 |
|---|---|
| 19 import re | 19 import re |
| 20 | 20 |
| 21 import AstUtilities | 21 import AstUtilities |
| 22 | 22 |
| 23 RE_WORDS = "(pas+wo?r?d|pass(phrase)?|pwd|token|secrete?|ken+wort|geheim)" | 23 RE_WORDS = "(pas+wo?r?d|pass(phrase)?|pwd|token|secrete?|ken+wort|geheim)" |
| 24 RE_CANDIDATES = re.compile( | 24 RE_CANDIDATES = re.compile("(^{0}$|_{0}_|^{0}_|_{0}$)".format(RE_WORDS), re.IGNORECASE) |
| 25 '(^{0}$|_{0}_|^{0}_|_{0}$)'.format(RE_WORDS), | |
| 26 re.IGNORECASE | |
| 27 ) | |
| 28 | 25 |
| 29 | 26 |
| 30 def getChecks(): | 27 def getChecks(): |
| 31 """ | 28 """ |
| 32 Public method to get a dictionary with checks handled by this module. | 29 Public method to get a dictionary with checks handled by this module. |
| 33 | 30 |
| 34 @return dictionary containing checker lists containing checker function and | 31 @return dictionary containing checker lists containing checker function and |
| 35 list of codes | 32 list of codes |
| 36 @rtype dict | 33 @rtype dict |
| 37 """ | 34 """ |
| 38 return { | 35 return { |
| 49 | 46 |
| 50 | 47 |
| 51 def checkHardcodedPasswordAsString(reportError, context, config): | 48 def checkHardcodedPasswordAsString(reportError, context, config): |
| 52 """ | 49 """ |
| 53 Function to check for use of hardcoded password strings. | 50 Function to check for use of hardcoded password strings. |
| 54 | 51 |
| 55 @param reportError function to be used to report errors | 52 @param reportError function to be used to report errors |
| 56 @type func | 53 @type func |
| 57 @param context security context object | 54 @param context security context object |
| 58 @type SecurityContext | 55 @type SecurityContext |
| 59 @param config dictionary with configuration data | 56 @param config dictionary with configuration data |
| 68 context.node.lineno - 1, | 65 context.node.lineno - 1, |
| 69 context.node.col_offset, | 66 context.node.col_offset, |
| 70 "S105", | 67 "S105", |
| 71 "L", | 68 "L", |
| 72 "M", | 69 "M", |
| 73 node.s | 70 node.s, |
| 74 ) | 71 ) |
| 75 | 72 |
| 76 elif ( | 73 elif isinstance(node._securityParent, ast.Index) and RE_CANDIDATES.search(node.s): |
| 77 isinstance(node._securityParent, ast.Index) and | |
| 78 RE_CANDIDATES.search(node.s) | |
| 79 ): | |
| 80 # looks for "dict[candidate]='some_string'" | 74 # looks for "dict[candidate]='some_string'" |
| 81 # assign -> subscript -> index -> string | 75 # assign -> subscript -> index -> string |
| 82 assign = node._securityParent._securityParent._securityParent | 76 assign = node._securityParent._securityParent._securityParent |
| 77 if isinstance(assign, ast.Assign) and AstUtilities.isString(assign.value): | |
| 78 reportError( | |
| 79 context.node.lineno - 1, | |
| 80 context.node.col_offset, | |
| 81 "S105", | |
| 82 "L", | |
| 83 "M", | |
| 84 assign.value.s, | |
| 85 ) | |
| 86 | |
| 87 elif isinstance(node._securityParent, ast.Compare): | |
| 88 # looks for "candidate == 'some_string'" | |
| 89 comp = node._securityParent | |
| 83 if ( | 90 if ( |
| 84 isinstance(assign, ast.Assign) and | 91 isinstance(comp.left, ast.Name) |
| 85 AstUtilities.isString(assign.value) | 92 and RE_CANDIDATES.search(comp.left.id) |
| 93 and AstUtilities.isString(comp.comparators[0]) | |
| 86 ): | 94 ): |
| 87 reportError( | 95 reportError( |
| 88 context.node.lineno - 1, | 96 context.node.lineno - 1, |
| 89 context.node.col_offset, | 97 context.node.col_offset, |
| 90 "S105", | 98 "S105", |
| 91 "L", | 99 "L", |
| 92 "M", | 100 "M", |
| 93 assign.value.s | 101 comp.comparators[0].s, |
| 94 ) | |
| 95 | |
| 96 elif isinstance(node._securityParent, ast.Compare): | |
| 97 # looks for "candidate == 'some_string'" | |
| 98 comp = node._securityParent | |
| 99 if ( | |
| 100 isinstance(comp.left, ast.Name) and | |
| 101 RE_CANDIDATES.search(comp.left.id) and | |
| 102 AstUtilities.isString(comp.comparators[0]) | |
| 103 ): | |
| 104 reportError( | |
| 105 context.node.lineno - 1, | |
| 106 context.node.col_offset, | |
| 107 "S105", | |
| 108 "L", | |
| 109 "M", | |
| 110 comp.comparators[0].s | |
| 111 ) | 102 ) |
| 112 | 103 |
| 113 | 104 |
| 114 def checkHardcodedPasswordAsFunctionArg(reportError, context, config): | 105 def checkHardcodedPasswordAsFunctionArg(reportError, context, config): |
| 115 """ | 106 """ |
| 116 Function to check for use of hard-coded password function arguments. | 107 Function to check for use of hard-coded password function arguments. |
| 117 | 108 |
| 118 @param reportError function to be used to report errors | 109 @param reportError function to be used to report errors |
| 119 @type func | 110 @type func |
| 120 @param context security context object | 111 @param context security context object |
| 121 @type SecurityContext | 112 @type SecurityContext |
| 122 @param config dictionary with configuration data | 113 @param config dictionary with configuration data |
| 129 context.node.lineno - 1, | 120 context.node.lineno - 1, |
| 130 context.node.col_offset, | 121 context.node.col_offset, |
| 131 "S106", | 122 "S106", |
| 132 "L", | 123 "L", |
| 133 "M", | 124 "M", |
| 134 kw.value.s | 125 kw.value.s, |
| 135 ) | 126 ) |
| 136 | 127 |
| 137 | 128 |
| 138 def checkHardcodedPasswordAsDefault(reportError, context, config): | 129 def checkHardcodedPasswordAsDefault(reportError, context, config): |
| 139 """ | 130 """ |
| 140 Function to check for use of hard-coded password argument defaults. | 131 Function to check for use of hard-coded password argument defaults. |
| 141 | 132 |
| 142 @param reportError function to be used to report errors | 133 @param reportError function to be used to report errors |
| 143 @type func | 134 @type func |
| 144 @param context security context object | 135 @param context security context object |
| 145 @type SecurityContext | 136 @type SecurityContext |
| 146 @param config dictionary with configuration data | 137 @param config dictionary with configuration data |
| 147 @type dict | 138 @type dict |
| 148 """ | 139 """ |
| 149 # looks for "def function(candidate='some_string')" | 140 # looks for "def function(candidate='some_string')" |
| 150 | 141 |
| 151 # this pads the list of default values with "None" if nothing is given | 142 # this pads the list of default values with "None" if nothing is given |
| 152 defs = [None] * (len(context.node.args.args) - | 143 defs = [None] * (len(context.node.args.args) - len(context.node.args.defaults)) |
| 153 len(context.node.args.defaults)) | |
| 154 defs.extend(context.node.args.defaults) | 144 defs.extend(context.node.args.defaults) |
| 155 | 145 |
| 156 # go through all (param, value)s and look for candidates | 146 # go through all (param, value)s and look for candidates |
| 157 for key, val in zip(context.node.args.args, defs): | 147 for key, val in zip(context.node.args.args, defs): |
| 158 if ( | 148 if ( |
| 159 isinstance(key, (ast.Name, ast.arg)) and | 149 isinstance(key, (ast.Name, ast.arg)) |
| 160 AstUtilities.isString(val) and RE_CANDIDATES.search(key.arg) | 150 and AstUtilities.isString(val) |
| 151 and RE_CANDIDATES.search(key.arg) | |
| 161 ): | 152 ): |
| 162 reportError( | 153 reportError( |
| 163 context.node.lineno - 1, | 154 context.node.lineno - 1, |
| 164 context.node.col_offset, | 155 context.node.col_offset, |
| 165 "S107", | 156 "S107", |
| 166 "L", | 157 "L", |
| 167 "M", | 158 "M", |
| 168 val.s | 159 val.s, |
| 169 ) | 160 ) |
