Mercurial Repositories > eric / file comparison
comparison: src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py
src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py
- branch
- eric7
- changeset 10507
- d1c6608155ef
- parent 10503
- 6a37b6ac3928
- child 10638
- 12558008c269
equal
deleted
inserted
replaced
| 10506:321555d0303b | 10507:d1c6608155ef |
|---|---|
| 104 "S308": QCoreApplication.translate( | 104 "S308": QCoreApplication.translate( |
| 105 "Security", | 105 "Security", |
| 106 "Use of mark_safe() may expose cross-site scripting vulnerabilities" | 106 "Use of mark_safe() may expose cross-site scripting vulnerabilities" |
| 107 " and should be reviewed.", | 107 " and should be reviewed.", |
| 108 ), | 108 ), |
| 109 "S309": QCoreApplication.translate( | |
| 110 "Security", | |
| 111 "Use of HTTPSConnection on older versions of Python prior to 2.7.9" | |
| 112 " and 3.4.3 do not provide security, see" | |
| 113 " https://wiki.openstack.org/wiki/OSSN/OSSN-0033", | |
| 114 ), | |
| 115 "S310": QCoreApplication.translate( | 109 "S310": QCoreApplication.translate( |
| 116 "Security", | 110 "Security", |
| 117 "Audit url open for permitted schemes. Allowing use of file:/ or" | 111 "Audit url open for permitted schemes. Allowing use of file:/ or" |
| 118 " custom schemes is often unexpected.", | 112 " custom schemes is often unexpected.", |
| 119 ), | 113 ), |
| 193 " use in such classes as HTTPSConnection. However, it still allows" | 187 " use in such classes as HTTPSConnection. However, it still allows" |
| 194 " using an insecure context via the _create_unverified_context that" | 188 " using an insecure context via the _create_unverified_context that" |
| 195 " reverts to the previous behavior that does not validate" | 189 " reverts to the previous behavior that does not validate" |
| 196 " certificates or perform hostname checks.", | 190 " certificates or perform hostname checks.", |
| 197 ), | 191 ), |
| 198 "S324": QCoreApplication.translate( | |
| 199 "Security", | |
| 200 "Use of os.tempnam() and os.tmpnam() is vulnerable to symlink" | |
| 201 " attacks. Consider using tmpfile() instead.", | |
| 202 ), | |
| 203 # hashlib.new | 192 # hashlib.new |
| 204 "S331": QCoreApplication.translate( | 193 "S331": QCoreApplication.translate( |
| 205 "Security", "Use of insecure {0} hash function." | 194 "Security", "Use of insecure {0} hash function." |
| 206 ), | 195 ), |
| 207 "S332": QCoreApplication.translate( | 196 "S332": QCoreApplication.translate( |
| 392 "S610": QCoreApplication.translate( | 381 "S610": QCoreApplication.translate( |
| 393 "Security", "Use of 'extra()' opens a potential SQL attack vector." | 382 "Security", "Use of 'extra()' opens a potential SQL attack vector." |
| 394 ), | 383 ), |
| 395 "S611": QCoreApplication.translate( | 384 "S611": QCoreApplication.translate( |
| 396 "Security", "Use of 'RawSQL()' opens a potential SQL attack vector." | 385 "Security", "Use of 'RawSQL()' opens a potential SQL attack vector." |
| 386 ), | |
| 387 # insecure logging.config.listen() | |
| 388 "S612": QCoreApplication.translate( | |
| 389 "Security", | |
| 390 "Use of insecure logging.config.listen() detected.", | |
| 397 ), | 391 ), |
| 398 # Jinja2 templates | 392 # Jinja2 templates |
| 399 "S701.1": QCoreApplication.translate( | 393 "S701.1": QCoreApplication.translate( |
| 400 "Security", | 394 "Security", |
| 401 "Using jinja2 templates with 'autoescape=False' is dangerous and can" | 395 "Using jinja2 templates with 'autoescape=False' is dangerous and can" |
