Mercurial Repositories > eric / file comparison
comparison: src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/injectionShell.py
src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/injectionShell.py
- branch
- eric7
- changeset 11147
- dee6e106b4d3
- parent 11090
- f5f5f5803935
equal
deleted
inserted
replaced
| 11146:59e04f7003e9 | 11147:dee6e106b4d3 |
|---|---|
| 35 list of codes | 35 list of codes |
| 36 @rtype dict | 36 @rtype dict |
| 37 """ | 37 """ |
| 38 return { | 38 return { |
| 39 "Call": [ | 39 "Call": [ |
| 40 (checkSubprocessPopenWithShell, ("S602",)), | 40 (checkSubprocessPopenWithShell, ("S-602",)), |
| 41 (checkSubprocessPopenWithoutShell, ("S603",)), | 41 (checkSubprocessPopenWithoutShell, ("S-603",)), |
| 42 (checkOtherFunctionWithShell, ("S604",)), | 42 (checkOtherFunctionWithShell, ("S-604",)), |
| 43 (checkStartProcessWithShell, ("S605",)), | 43 (checkStartProcessWithShell, ("S-605",)), |
| 44 (checkStartProcessWithNoShell, ("S606",)), | 44 (checkStartProcessWithNoShell, ("S-606",)), |
| 45 (checkStartProcessWithPartialPath, ("S607",)), | 45 (checkStartProcessWithPartialPath, ("S-607",)), |
| 46 ], | 46 ], |
| 47 } | 47 } |
| 48 | 48 |
| 49 | 49 |
| 50 def _evaluateShellCall(context): | 50 def _evaluateShellCall(context): |
| 120 sev = _evaluateShellCall(context) | 120 sev = _evaluateShellCall(context) |
| 121 if sev == "L": | 121 if sev == "L": |
| 122 reportError( | 122 reportError( |
| 123 context.getLinenoForCallArg("shell") - 1, | 123 context.getLinenoForCallArg("shell") - 1, |
| 124 context.getOffsetForCallArg("shell"), | 124 context.getOffsetForCallArg("shell"), |
| 125 "S602.L", | 125 "S-602.L", |
| 126 sev, | 126 sev, |
| 127 "H", | 127 "H", |
| 128 ) | 128 ) |
| 129 else: | 129 else: |
| 130 reportError( | 130 reportError( |
| 131 context.getLinenoForCallArg("shell") - 1, | 131 context.getLinenoForCallArg("shell") - 1, |
| 132 context.getOffsetForCallArg("shell"), | 132 context.getOffsetForCallArg("shell"), |
| 133 "S602.H", | 133 "S-602.H", |
| 134 sev, | 134 sev, |
| 135 "H", | 135 "H", |
| 136 ) | 136 ) |
| 137 | 137 |
| 138 | 138 |
| 155 | 155 |
| 156 if context.callFunctionNameQual in functionNames and not hasShell(context): | 156 if context.callFunctionNameQual in functionNames and not hasShell(context): |
| 157 reportError( | 157 reportError( |
| 158 context.node.lineno - 1, | 158 context.node.lineno - 1, |
| 159 context.node.col_offset, | 159 context.node.col_offset, |
| 160 "S603", | 160 "S-603", |
| 161 "L", | 161 "L", |
| 162 "H", | 162 "H", |
| 163 ) | 163 ) |
| 164 | 164 |
| 165 | 165 |
| 182 | 182 |
| 183 if context.callFunctionNameQual not in functionNames and hasShell(context): | 183 if context.callFunctionNameQual not in functionNames and hasShell(context): |
| 184 reportError( | 184 reportError( |
| 185 context.getLinenoForCallArg("shell") - 1, | 185 context.getLinenoForCallArg("shell") - 1, |
| 186 context.getOffsetForCallArg("shell"), | 186 context.getOffsetForCallArg("shell"), |
| 187 "S604", | 187 "S-604", |
| 188 "M", | 188 "M", |
| 189 "L", | 189 "L", |
| 190 ) | 190 ) |
| 191 | 191 |
| 192 | 192 |
| 211 sev = _evaluateShellCall(context) | 211 sev = _evaluateShellCall(context) |
| 212 if sev == "L": | 212 if sev == "L": |
| 213 reportError( | 213 reportError( |
| 214 context.node.lineno - 1, | 214 context.node.lineno - 1, |
| 215 context.node.col_offset, | 215 context.node.col_offset, |
| 216 "S605.L", | 216 "S-605.L", |
| 217 sev, | 217 sev, |
| 218 "H", | 218 "H", |
| 219 ) | 219 ) |
| 220 else: | 220 else: |
| 221 reportError( | 221 reportError( |
| 222 context.node.lineno - 1, | 222 context.node.lineno - 1, |
| 223 context.node.col_offset, | 223 context.node.col_offset, |
| 224 "S605.H", | 224 "S-605.H", |
| 225 sev, | 225 sev, |
| 226 "H", | 226 "H", |
| 227 ) | 227 ) |
| 228 | 228 |
| 229 | 229 |
| 246 | 246 |
| 247 if context.callFunctionNameQual in functionNames: | 247 if context.callFunctionNameQual in functionNames: |
| 248 reportError( | 248 reportError( |
| 249 context.node.lineno - 1, | 249 context.node.lineno - 1, |
| 250 context.node.col_offset, | 250 context.node.col_offset, |
| 251 "S606", | 251 "S-606", |
| 252 "L", | 252 "L", |
| 253 "M", | 253 "M", |
| 254 ) | 254 ) |
| 255 | 255 |
| 256 | 256 |
| 291 # make sure the param is a string literal and not a var name | 291 # make sure the param is a string literal and not a var name |
| 292 if AstUtilities.isString(node) and not fullPathMatchRe.match(node.value): | 292 if AstUtilities.isString(node) and not fullPathMatchRe.match(node.value): |
| 293 reportError( | 293 reportError( |
| 294 context.node.lineno - 1, | 294 context.node.lineno - 1, |
| 295 context.node.col_offset, | 295 context.node.col_offset, |
| 296 "S607", | 296 "S-607", |
| 297 "L", | 297 "L", |
| 298 "H", | 298 "H", |
| 299 ) | 299 ) |
