eric: comparison src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py

-:e9e7eca7efee
+:bf71ee032bb4
 _securityMessages = {
 # assert used
 "S101": QCoreApplication.translate(
 "Security",
 "Use of 'assert' detected. The enclosed code will be removed when"
-" compiling to optimised byte code."),
+" compiling to optimised byte code.",
+),
 # exec used
-"S102": QCoreApplication.translate(
+"S102": QCoreApplication.translate("Security", "Use of 'exec' detected."),
-"Security",
-"Use of 'exec' detected."),
 # bad file permissions
 "S103": QCoreApplication.translate(
-"Security",
+"Security", "'chmod' setting a permissive mask {0} on file ({1})."
-"'chmod' setting a permissive mask {0} on file ({1})."),
+),
 # bind to all interfaces
 "S104": QCoreApplication.translate(
-"Security",
+"Security", "Possible binding to all interfaces."
-"Possible binding to all interfaces."),
+),
 # hardcoded passwords
 "S105": QCoreApplication.translate(
-"Security",
+"Security", "Possible hardcoded password: '{0}'"
-"Possible hardcoded password: '{0}'"),
+),
 "S106": QCoreApplication.translate(
-"Security",
+"Security", "Possible hardcoded password: '{0}'"
-"Possible hardcoded password: '{0}'"),
+),
 "S107": QCoreApplication.translate(
-"Security",
+"Security", "Possible hardcoded password: '{0}'"
-"Possible hardcoded password: '{0}'"),
+),
 # hardcoded tmp directory
 "S108": QCoreApplication.translate(
-"Security",
+"Security", "Probable insecure usage of temp file/directory."
-"Probable insecure usage of temp file/directory."),
+),
 # try-except
-"S110": QCoreApplication.translate(
+"S110": QCoreApplication.translate("Security", "Try, Except, Pass detected."),
-"Security",
+"S112": QCoreApplication.translate("Security", "Try, Except, Continue detected."),
-"Try, Except, Pass detected."),
-"S112": QCoreApplication.translate(
-"Security",
-"Try, Except, Continue detected."),
 # flask app
 "S201": QCoreApplication.translate(
 "Security",
 "A Flask app appears to be run with debug=True, which exposes the"
-" Werkzeug debugger and allows the execution of arbitrary code."),
+" Werkzeug debugger and allows the execution of arbitrary code.",
+),
 # blacklisted calls
 "S301": QCoreApplication.translate(
 "Security",
 "Pickle and modules that wrap it can be unsafe when used to "
-"deserialize untrusted data, possible security issue."),
+"deserialize untrusted data, possible security issue.",
+),
 "S302": QCoreApplication.translate(
-"Security",
+"Security", "Deserialization with the marshal module is possibly dangerous."
-"Deserialization with the marshal module is possibly dangerous."),
+),
 "S303": QCoreApplication.translate(
-"Security",
+"Security", "Use of insecure MD2, MD4, MD5, or SHA1 hash function."
-"Use of insecure MD2, MD4, MD5, or SHA1 hash function."),
+),
 "S304": QCoreApplication.translate(
 "Security",
 "Use of insecure cipher '{0}'. Replace with a known secure cipher"
-" such as AES."),
+" such as AES.",
+),
 "S305": QCoreApplication.translate(
-"Security",
+"Security", "Use of insecure cipher mode '{0}'."
-"Use of insecure cipher mode '{0}'."),
+),
 "S306": QCoreApplication.translate(
-"Security",
+"Security", "Use of insecure and deprecated function (mktemp)."
-"Use of insecure and deprecated function (mktemp)."),
+),
 "S307": QCoreApplication.translate(
 "Security",
-"Use of possibly insecure function - consider using safer"
+"Use of possibly insecure function - consider using safer" " ast.literal_eval.",
-" ast.literal_eval."),
+),
 "S308": QCoreApplication.translate(
 "Security",
 "Use of mark_safe() may expose cross-site scripting vulnerabilities"
-" and should be reviewed."),
+" and should be reviewed.",
+),
 "S309": QCoreApplication.translate(
 "Security",
 "Use of HTTPSConnection on older versions of Python prior to 2.7.9"
 " and 3.4.3 do not provide security, see"
-" https://wiki.openstack.org/wiki/OSSN/OSSN-0033"),
+" https://wiki.openstack.org/wiki/OSSN/OSSN-0033",
+),
 "S310": QCoreApplication.translate(
 "Security",
 "Audit url open for permitted schemes. Allowing use of file:/ or"
-" custom schemes is often unexpected."),
+" custom schemes is often unexpected.",
+),
 "S311": QCoreApplication.translate(
 "Security",
 "Standard pseudo-random generators are not suitable for"
-" security/cryptographic purposes."),
+" security/cryptographic purposes.",
+),
 "S312": QCoreApplication.translate(
 "Security",
 "Telnet-related functions are being called. Telnet is considered"
-" insecure. Use SSH or some other encrypted protocol."),
+" insecure. Use SSH or some other encrypted protocol.",
+),
 "S313": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable to"
 " XML attacks. Replace '{0}' with its defusedxml equivalent function"
-" or make sure defusedxml.defuse_stdlib() is called."),
+" or make sure defusedxml.defuse_stdlib() is called.",
+),
 "S314": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable to"
 " XML attacks. Replace '{0}' with its defusedxml equivalent function"
-" or make sure defusedxml.defuse_stdlib() is called."),
+" or make sure defusedxml.defuse_stdlib() is called.",
+),
 "S315": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable to"
 " XML attacks. Replace '{0}' with its defusedxml equivalent function"
-" or make sure defusedxml.defuse_stdlib() is called."),
+" or make sure defusedxml.defuse_stdlib() is called.",
+),
 "S316": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable to"
 " XML attacks. Replace '{0}' with its defusedxml equivalent function"
-" or make sure defusedxml.defuse_stdlib() is called."),
+" or make sure defusedxml.defuse_stdlib() is called.",
+),
 "S317": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable to"
 " XML attacks. Replace '{0}' with its defusedxml equivalent function"
-" or make sure defusedxml.defuse_stdlib() is called."),
+" or make sure defusedxml.defuse_stdlib() is called.",
+),
 "S318": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable to"
 " XML attacks. Replace '{0}' with its defusedxml equivalent function"
-" or make sure defusedxml.defuse_stdlib() is called."),
+" or make sure defusedxml.defuse_stdlib() is called.",
+),
 "S319": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable to"
 " XML attacks. Replace '{0}' with its defusedxml equivalent function"
-" or make sure defusedxml.defuse_stdlib() is called."),
+" or make sure defusedxml.defuse_stdlib() is called.",
+),
 "S320": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable to"
 " XML attacks. Replace '{0}' with its defusedxml equivalent"
-" function."),
+" function.",
+),
 "S321": QCoreApplication.translate(
 "Security",
 "FTP-related functions are being called. FTP is considered insecure."
-" Use SSH/SFTP/SCP or some other encrypted protocol."),
+" Use SSH/SFTP/SCP or some other encrypted protocol.",
+),
 "S322": QCoreApplication.translate(
 "Security",
 "The input method in Python 2 will read from standard input, evaluate"
 " and run the resulting string as Python source code. This is"
 " similar, though in many ways worse, than using eval. On Python 2,"
-" use raw_input instead, input is safe in Python 3."),
+" use raw_input instead, input is safe in Python 3.",
+),
 "S323": QCoreApplication.translate(
 "Security",
 "By default, Python will create a secure, verified SSL context for"
 " use in such classes as HTTPSConnection. However, it still allows"
 " using an insecure context via the _create_unverified_context that"
 " reverts to the previous behavior that does not validate"
-" certificates or perform hostname checks."),
+" certificates or perform hostname checks.",
+),
 "S324": QCoreApplication.translate(
 "Security",
 "Use of os.tempnam() and os.tmpnam() is vulnerable to symlink"
-" attacks. Consider using tmpfile() instead."),
+" attacks. Consider using tmpfile() instead.",
+),
 # hashlib.new
 "S331": QCoreApplication.translate(
-"Security",
+"Security", "Use of insecure {0} hash function."
-"Use of insecure {0} hash function."),
+),
 # blacklisted imports
 "S401": QCoreApplication.translate(
 "Security",
 "A telnet-related module is being imported.  Telnet is considered"
-" insecure. Use SSH or some other encrypted protocol."),
+" insecure. Use SSH or some other encrypted protocol.",
+),
 "S402": QCoreApplication.translate(
 "Security",
 "A FTP-related module is being imported.  FTP is considered"
-" insecure. Use SSH/SFTP/SCP or some other encrypted protocol."),
+" insecure. Use SSH/SFTP/SCP or some other encrypted protocol.",
+),
 "S403": QCoreApplication.translate(
 "Security",
-"Consider possible security implications associated with the '{0}'"
+"Consider possible security implications associated with the '{0}'" " module.",
-" module."),
+),
 "S404": QCoreApplication.translate(
 "Security",
-"Consider possible security implications associated with the '{0}'"
+"Consider possible security implications associated with the '{0}'" " module.",
-" module."),
+),
 "S405": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable"
 " to XML attacks. Replace '{0}' with the equivalent defusedxml"
-" package, or make sure defusedxml.defuse_stdlib() is called."),
+" package, or make sure defusedxml.defuse_stdlib() is called.",
+),
 "S406": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable"
 " to XML attacks. Replace '{0}' with the equivalent defusedxml"
-" package, or make sure defusedxml.defuse_stdlib() is called."),
+" package, or make sure defusedxml.defuse_stdlib() is called.",
+),
 "S407": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable"
 " to XML attacks. Replace '{0}' with the equivalent defusedxml"
-" package, or make sure defusedxml.defuse_stdlib() is called."),
+" package, or make sure defusedxml.defuse_stdlib() is called.",
+),
 "S408": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable"
 " to XML attacks. Replace '{0}' with the equivalent defusedxml"
-" package, or make sure defusedxml.defuse_stdlib() is called."),
+" package, or make sure defusedxml.defuse_stdlib() is called.",
+),
 "S409": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable"
 " to XML attacks. Replace '{0}' with the equivalent defusedxml"
-" package, or make sure defusedxml.defuse_stdlib() is called."),
+" package, or make sure defusedxml.defuse_stdlib() is called.",
+),
 "S410": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable"
 " to XML attacks. Replace '{0}' with the equivalent defusedxml"
-" package."),
+" package.",
+),
 "S411": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable"
 " to XML attacks. Use defused.xmlrpc.monkey_patch() function to"
-" monkey-patch xmlrpclib and mitigate XML vulnerabilities."),
+" monkey-patch xmlrpclib and mitigate XML vulnerabilities.",
+),
 "S412": QCoreApplication.translate(
 "Security",
-"Consider possible security implications associated with '{0}'"
+"Consider possible security implications associated with '{0}'" " module.",
-" module."),
+),
 "S413": QCoreApplication.translate(
 "Security",
 "The pyCrypto library and its module '{0}' are no longer actively"
 " maintained and have been deprecated. Consider using"
-" pyca/cryptography library."),
+" pyca/cryptography library.",
+),
 # insecure certificate usage
 "S501": QCoreApplication.translate(
 "Security",
 "'requests' call with verify=False disabling SSL certificate checks,"
-" security issue."),
+" security issue.",
+),
 # insecure SSL/TLS protocol version
 "S502.1": QCoreApplication.translate(
 "Security",
 "'ssl.wrap_socket' call with insecure SSL/TLS protocol version"
-" identified, security issue."),
+" identified, security issue.",
+),
 "S502.2": QCoreApplication.translate(
 "Security",
 "'SSL.Context' call with insecure SSL/TLS protocol version identified,"
-" security issue."),
+" security issue.",
+),
 "S502.3": QCoreApplication.translate(
 "Security",
 "Function call with insecure SSL/TLS protocol version identified,"
-" security issue."),
+" security issue.",
+),
 "S503": QCoreApplication.translate(
 "Security",
 "Function definition identified with insecure SSL/TLS protocol"
-" version by default, possible security issue."),
+" version by default, possible security issue.",
+),
 "S504": QCoreApplication.translate(
 "Security",
 "'ssl.wrap_socket' call with no SSL/TLS protocol version specified,"
-" the default 'SSLv23' could be insecure, possible security issue."),
+" the default 'SSLv23' could be insecure, possible security issue.",
+),
 # weak cryptographic keys
 "S505": QCoreApplication.translate(
-"Security",
+"Security", "{0} key sizes below {1:d} bits are considered breakable."
-"{0} key sizes below {1:d} bits are considered breakable."),
+),
 # YAML load
 "S506": QCoreApplication.translate(
 "Security",
 "Use of unsafe 'yaml.load()'. Allows instantiation of arbitrary"
-" objects. Consider 'yaml.safe_load()'."),
+" objects. Consider 'yaml.safe_load()'.",
+),
 # SSH host key verification
 "S507": QCoreApplication.translate(
 "Security",
-"Paramiko call with policy set to automatically trust the unknown"
+"Paramiko call with policy set to automatically trust the unknown" " host key.",
-" host key."),
+),
 # Shell injection
 "S601": QCoreApplication.translate(
 "Security",
 "Possible shell injection via 'Paramiko' call, check inputs are"
-" properly sanitized."),
+" properly sanitized.",
+),
 "S602.L": QCoreApplication.translate(
 "Security",
 "'subprocess' call with shell=True seems safe, but may be changed"
-" in the future, consider rewriting without shell"),
+" in the future, consider rewriting without shell",
+),
 "S602.H": QCoreApplication.translate(
-"Security",
+"Security", "'subprocess' call with shell=True identified, security issue."
-"'subprocess' call with shell=True identified, security issue."),
+),
 "S603": QCoreApplication.translate(
-"Security",
+"Security", "'subprocess' call - check for execution of untrusted input."
-"'subprocess' call - check for execution of untrusted input."),
+),
 "S604": QCoreApplication.translate(
 "Security",
 "Function call with shell=True parameter identified, possible"
-" security issue."),
+" security issue.",
+),
 "S605.L": QCoreApplication.translate(
 "Security",
 "Starting a process with a shell: Seems safe, but may be changed in"
-" the future, consider rewriting without shell"),
+" the future, consider rewriting without shell",
+),
 "S605.H": QCoreApplication.translate(
 "Security",
 "Starting a process with a shell, possible injection detected,"
-" security issue."),
+" security issue.",
+),
 "S606": QCoreApplication.translate(
-"Security",
+"Security", "Starting a process without a shell."
-"Starting a process without a shell."),
+),
 "S607": QCoreApplication.translate(
-"Security",
+"Security", "Starting a process with a partial executable path."
-"Starting a process with a partial executable path."),
+),
 # SQL injection
 "S608": QCoreApplication.translate(
 "Security",
-"Possible SQL injection vector through string-based query"
+"Possible SQL injection vector through string-based query" " construction.",
-" construction."),
+),
 # Wildcard injection
 "S609": QCoreApplication.translate(
-"Security",
+"Security", "Possible wildcard injection in call: {0}"
-"Possible wildcard injection in call: {0}"),
+),
 # Django SQL injection
 "S610": QCoreApplication.translate(
-"Security",
+"Security", "Use of 'extra()' opens a potential SQL attack vector."
-"Use of 'extra()' opens a potential SQL attack vector."),
+),
 "S611": QCoreApplication.translate(
-"Security",
+"Security", "Use of 'RawSQL()' opens a potential SQL attack vector."
-"Use of 'RawSQL()' opens a potential SQL attack vector."),
+),
 # Jinja2 templates
 "S701.1": QCoreApplication.translate(
 "Security",
 "Using jinja2 templates with 'autoescape=False' is dangerous and can"
 " lead to XSS. Use 'autoescape=True' or use the 'select_autoescape'"
-" function to mitigate XSS vulnerabilities."),
+" function to mitigate XSS vulnerabilities.",
+),
 "S701.2": QCoreApplication.translate(
 "Security",
 "By default, jinja2 sets 'autoescape' to False. Consider using"
 " 'autoescape=True' or use the 'select_autoescape' function to"
-" mitigate XSS vulnerabilities."),
+" mitigate XSS vulnerabilities.",
+),
 # Mako templates
 "S702": QCoreApplication.translate(
 "Security",
 "Mako templates allow HTML/JS rendering by default and are inherently"
 " open to XSS attacks. Ensure variables in all templates are properly"
 " sanitized via the 'n', 'h' or 'x' flags (depending on context). For"
-" example, to HTML escape the variable 'data' do ${{ data |h }}."),
+" example, to HTML escape the variable 'data' do ${{ data |h }}.",
+),
 # Django XSS vulnerability
 "S703": QCoreApplication.translate(
-"Security",
+"Security", "Potential XSS on 'mark_safe()' function."
-"Potential XSS on 'mark_safe()' function."),
+),
 # hardcoded AWS passwords
 "S801": QCoreApplication.translate(
-"Security",
+"Security", "Possible hardcoded AWS access key ID: {0}"
-"Possible hardcoded AWS access key ID: {0}"),
+),
 "S802": QCoreApplication.translate(
-"Security",
+"Security", "Possible hardcoded AWS secret access key: {0}"
-"Possible hardcoded AWS secret access key: {0}"),
+),
 }
 _securityMessagesSampleArgs = {
 "S103": ["0o777", "testfile.txt"],
 "S105": ["password"],
 "S106": ["password"],
 "S107": ["password"],
 "S304": ["Crypto.Cipher.DES"],
 "S305": ["cryptography.hazmat.primitives.ciphers.modes.ECB"],
 "S313": ["xml.etree.cElementTree.parse"],
 "S314": ["xml.etree.ElementTree.parse"],
 "S315": ["xml.sax.expatreader.create_parser"],
 "S316": ["xml.dom.expatbuilder.parse"],
 "S317": ["xml.sax.parse"],
 "S318": ["xml.dom.minidom.parse"],
 "S319": ["xml.dom.pulldom.parse"],
 "S320": ["lxml.etree.parse"],
 "S331": ["MD5"],
 "S403": ["pickle"],
 "S404": ["subprocess"],
 "S405": ["xml.etree.ElementTree"],
 "S406": ["xml.sax"],
 "S407": ["xml.dom.expatbuilder"],
 "S409": ["xml.dom.pulldom"],
 "S410": ["lxml"],
 "S411": ["xmlrpclib"],
 "S412": ["wsgiref.handlers.CGIHandler"],
 "S413": ["Crypto.Cipher"],
 "S505": ["RSA", 2048],
 "S609": ["os.system"],
+"S801": ["A1B2C3D4E5F6G7H8I9J0"],  # secok
-"S801": ["A1B2C3D4E5F6G7H8I9J0"],                           # secok
+"S802": ["aA1bB2cC3dD4/eE5fF6gG7+hH8iI9jJ0=kKlLM+="],  # secok
-"S802": ["aA1bB2cC3dD4/eE5fF6gG7+hH8iI9jJ0=kKlLM+="],       # secok
 }

Mercurial Repositories > eric / file comparison

comparison: src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py

src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py