src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/jinja2Templates.py

branch
eric7
changeset 9221
bf71ee032bb4
parent 9209
b99e7fd55fd3
child 9325
8157eb19aba5
equal deleted inserted replaced
9220:e9e7eca7efee 9221:bf71ee032bb4
19 19
20 20
21 def getChecks(): 21 def getChecks():
22 """ 22 """
23 Public method to get a dictionary with checks handled by this module. 23 Public method to get a dictionary with checks handled by this module.
24 24
25 @return dictionary containing checker lists containing checker function and 25 @return dictionary containing checker lists containing checker function and
26 list of codes 26 list of codes
27 @rtype dict 27 @rtype dict
28 """ 28 """
29 return { 29 return {
34 34
35 35
36 def checkJinja2Autoescape(reportError, context, config): 36 def checkJinja2Autoescape(reportError, context, config):
37 """ 37 """
38 Function to check for not auto escaping in jinja2. 38 Function to check for not auto escaping in jinja2.
39 39
40 @param reportError function to be used to report errors 40 @param reportError function to be used to report errors
41 @type func 41 @type func
42 @param context security context object 42 @param context security context object
43 @type SecurityContext 43 @type SecurityContext
44 @param config dictionary with configuration data 44 @param config dictionary with configuration data
45 @type dict 45 @type dict
46 """ 46 """
47 if isinstance(context.callFunctionNameQual, str): 47 if isinstance(context.callFunctionNameQual, str):
48 qualnameList = context.callFunctionNameQual.split('.') 48 qualnameList = context.callFunctionNameQual.split(".")
49 func = qualnameList[-1] 49 func = qualnameList[-1]
50 if 'jinja2' in qualnameList and func == 'Environment': 50 if "jinja2" in qualnameList and func == "Environment":
51 for node in ast.walk(context.node): 51 for node in ast.walk(context.node):
52 if isinstance(node, ast.keyword): 52 if isinstance(node, ast.keyword):
53 # definite autoescape = False 53 # definite autoescape = False
54 if ( 54 if getattr(node, "arg", None) == "autoescape" and (
55 getattr(node, 'arg', None) == 'autoescape' and 55 getattr(node.value, "id", None) == "False"
56 ( 56 or getattr(node.value, "value", None) is False
57 getattr(node.value, 'id', None) == 'False' or
58 getattr(node.value, 'value', None) is False
59 )
60 ): 57 ):
61 reportError( 58 reportError(
62 context.node.lineno - 1, 59 context.node.lineno - 1,
63 context.node.col_offset, 60 context.node.col_offset,
64 "S701.1", 61 "S701.1",
65 "H", 62 "H",
66 "H", 63 "H",
67 ) 64 )
68 return 65 return
69 66
70 # found autoescape 67 # found autoescape
71 if getattr(node, 'arg', None) == 'autoescape': 68 if getattr(node, "arg", None) == "autoescape":
72 value = getattr(node, 'value', None) 69 value = getattr(node, "value", None)
73 if ( 70 if (
74 getattr(value, 'id', None) == 'True' or 71 getattr(value, "id", None) == "True"
75 getattr(value, 'value', None) is True or 72 or getattr(value, "value", None) is True
76 (isinstance(value, ast.Call) and 73 or (
77 (getattr(value.func, 'id', None) == 74 isinstance(value, ast.Call)
78 'select_autoescape')) 75 and (
76 getattr(value.func, "id", None)
77 == "select_autoescape"
78 )
79 )
79 ): 80 ):
80 return 81 return
81 82
82 else: 83 else:
83 reportError( 84 reportError(
84 context.node.lineno - 1, 85 context.node.lineno - 1,
85 context.node.col_offset, 86 context.node.col_offset,
86 "S701.1", 87 "S701.1",
87 "H", 88 "H",
88 "M", 89 "M",
89 ) 90 )
90 return 91 return
91 92
92 # We haven't found a keyword named autoescape, indicating default 93 # We haven't found a keyword named autoescape, indicating default
93 # behavior 94 # behavior
94 reportError( 95 reportError(
95 context.node.lineno - 1, 96 context.node.lineno - 1,
96 context.node.col_offset, 97 context.node.col_offset,
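Review bot: The `getattr(node.value, "id", None) == "False"` alternative on new line 55 and the matching `getattr(value, "id", None) == "True"` on new line 71 cannot match on Python 3, where `True`/`False` parse as `ast.Constant` (`ast.NameConstant` before 3.8) rather than `ast.Name`, so only the `.value is False` / `.value is True` comparisons are live and the reformat preserved dead code. Either drop those alternatives or mark them, e.g. `# Name("False"/"True") never occurs on Python 3; Constant.value is the real check`. Note too that an `autoescape` value given as `jinja2.select_autoescape(...)` is an `ast.Attribute` call, so `getattr(value.func, "id", None)` yields None and it falls through to the medium-confidence report on new line 84 — a conservative outcome that seems intended but deserves a one-line comment. The body of checkJinja2Autoescape continues past the end of the hunk.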
