eric: comparison eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/djangoXssVulnerability.py

-:61566f35ab22
+:c878e8255972
 #
 # SPDX-License-Identifier: Apache-2.0
 #
 import ast
-import sys
 import AstUtilities
-PY2 = sys.version_info[0] == 2
 def getChecks():
 """
 Public method to get a dictionary with checks handled by this module.
 parent = parent._securityParent
 isParam = False
 if isinstance(parent, ast.FunctionDef):
 for name in parent.args.args:
-argName = name.id if PY2 else name.arg
+if name.arg == xssVar.id:
-if argName == xssVar.id:
 isParam = True
 break
 if not isParam:
 secure = evaluateVar(xssVar, parent, node.lineno)
 # If is param the assignations are not affected
 return assigned
 assigned = self.isAssignedIn(node.body)
 elif isinstance(node, ast.With):
-if PY2:
+for withitem in node.items:
-if node.optional_vars.id == self.__varName.id:
+varId = getattr(withitem.optional_vars, 'id', None)
+if varId == self.__varName.id:
 assigned = node
 else:
 assigned = self.isAssignedIn(node.body)
-else:
+elif isinstance(node, ast.Try):
-for withitem in node.items:
-varId = getattr(withitem.optional_vars, 'id', None)
-if varId == self.__varName.id:
-assigned = node
-else:
-assigned = self.isAssignedIn(node.body)
-elif PY2 and isinstance(node, ast.TryFinally):
-assigned = []
-assigned.extend(self.isAssignedIn(node.body))
-assigned.extend(self.isAssignedIn(node.finalbody))
-elif PY2 and isinstance(node, ast.TryExcept):
-assigned = []
-assigned.extend(self.isAssignedIn(node.body))
-assigned.extend(self.isAssignedIn(node.handlers))
-assigned.extend(self.isAssignedIn(node.orelse))
-elif not PY2 and isinstance(node, ast.Try):
 assigned = []
 assigned.extend(self.isAssignedIn(node.body))
 assigned.extend(self.isAssignedIn(node.handlers))
 assigned.extend(self.isAssignedIn(node.orelse))
 assigned.extend(self.isAssignedIn(node.finalbody))
 """
 secure = False
 if isinstance(xssVar, ast.Name):
 if isinstance(parent, ast.FunctionDef):
 for name in parent.args.args:
-argName = name.id if PY2 else name.arg
+if name.arg == xssVar.id:
-if argName == xssVar.id:
 return False  # Params are not secure
 analyser = DeepAssignation(xssVar, ignoreNodes)
 for node in parent.body:
 if node.lineno >= until:
 if (
 AstUtilities.isString(call.func.value) and
 call.func.attr == 'format'
 ):
 evaluate = True
-if call.keywords or (PY2 and call.kwargs):
+if call.keywords:
 evaluate = False
 if evaluate:
 args = list(call.args)
-if (
-PY2 and
-call.starargs and
-isinstance(call.starargs, (ast.List, ast.Tuple))
-):
-args.extend(call.starargs.elts)
 numSecure = 0
 for arg in args:
 if AstUtilities.isString(arg):
 numSecure += 1
 if evaluateCall(arg, parent, ignoreNodes):
 numSecure += 1
 else:
 break
 elif (
-not PY2 and
 isinstance(arg, ast.Starred) and
 isinstance(arg.value, (ast.List, ast.Tuple))
 ):
 args.extend(arg.value.elts)
 numSecure += 1
 isLeftStr = AstUtilities.isString(var.left)
 if isMod and isLeftStr:
 newCall = ast.Call()
 newCall.args = []
 newCall.args = []
-if PY2:
-newCall.starargs = None
 newCall.keywords = None
-if PY2:
-newCall.kwargs = None
 newCall.lineno = var.lineno
 newCall.func = ast.Attribute()
 newCall.func.value = var.left
 newCall.func.attr = 'format'
 if isinstance(var.right, ast.Tuple):
 newCall.args = var.right.elts
-elif PY2 and isinstance(var.right, ast.Dict):
-newCall.kwargs = var.right
 else:
 newCall.args = [var.right]
 return newCall

Mercurial Repositories > eric / file comparison

comparison: eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/djangoXssVulnerability.py

eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/djangoXssVulnerability.py