eric: comparison src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py

-:59e04f7003e9
+:dee6e106b4d3
 from PyQt6.QtCore import QCoreApplication
 _securityMessages = {
 # assert used
-"S101": QCoreApplication.translate(
+"S-101": QCoreApplication.translate(
 "Security",
 "Use of 'assert' detected. The enclosed code will be removed when"
 " compiling to optimised byte code.",
 ),
 # exec used
-"S102": QCoreApplication.translate("Security", "Use of 'exec' detected."),
+"S-102": QCoreApplication.translate("Security", "Use of 'exec' detected."),
 # bad file permissions
-"S103": QCoreApplication.translate(
+"S-103": QCoreApplication.translate(
 "Security", "'chmod' setting a permissive mask {0} on file ({1})."
 ),
 # bind to all interfaces
-"S104": QCoreApplication.translate(
+"S-104": QCoreApplication.translate(
 "Security", "Possible binding to all interfaces."
 ),
 # hardcoded passwords
-"S105": QCoreApplication.translate(
+"S-105": QCoreApplication.translate(
 "Security", "Possible hardcoded password: '{0}'"
 ),
-"S106": QCoreApplication.translate(
+"S-106": QCoreApplication.translate(
 "Security", "Possible hardcoded password: '{0}'"
 ),
-"S107": QCoreApplication.translate(
+"S-107": QCoreApplication.translate(
 "Security", "Possible hardcoded password: '{0}'"
 ),
 # hardcoded tmp directory
-"S108": QCoreApplication.translate(
+"S-108": QCoreApplication.translate(
 "Security", "Probable insecure usage of temp file/directory."
 ),
 # try-except and contextlib.suppress
-"S110": QCoreApplication.translate("Security", "Try, Except, Pass detected."),
+"S-110": QCoreApplication.translate("Security", "Try, Except, Pass detected."),
-"S112": QCoreApplication.translate("Security", "Try, Except, Continue detected."),
+"S-112": QCoreApplication.translate("Security", "Try, Except, Continue detected."),
-"S113": QCoreApplication.translate("Security", "'contextlib.suppress()' detected."),
+"S-113": QCoreApplication.translate("Security", "'contextlib.suppress()' detected."),
 # request without timeout
-"S114.1": QCoreApplication.translate("Security", "Call to {0} without timeout."),
+"S-114.1": QCoreApplication.translate("Security", "Call to {0} without timeout."),
-"S114.2": QCoreApplication.translate(
+"S-114.2": QCoreApplication.translate(
 "Security",
 "Call to {0} with timeout set to None.",
 ),
 # flask app
-"S201": QCoreApplication.translate(
+"S-201": QCoreApplication.translate(
 "Security",
 "A Flask app appears to be run with debug=True, which exposes the"
 " Werkzeug debugger and allows the execution of arbitrary code.",
 ),
 # tarfile.extractall
-"S202.1": QCoreApplication.translate(
+"S-202.1": QCoreApplication.translate(
 "Security",
 "Usage of 'tarfile.extractall(members=function(tarfile))'. "
 "Make sure your function properly discards dangerous members ({0}).",
 ),
-"S202.2": QCoreApplication.translate(
+"S-202.2": QCoreApplication.translate(
 "Security",
 "Found 'tarfile.extractall(members=?)' but couldn't identify the type of"
 " members. Check if the members were properly validated ({0}).",
 ),
-"S202.3": QCoreApplication.translate(
+"S-202.3": QCoreApplication.translate(
 "Security",
 "'tarfile.extractall()' used without any validation. Please check and"
 " discard dangerous members.",
 ),
 # prohibited calls
-"S301": QCoreApplication.translate(
+"S-301": QCoreApplication.translate(
 "Security",
 "Pickle and modules that wrap it can be unsafe when used to "
 "deserialize untrusted data, possible security issue.",
 ),
-"S302": QCoreApplication.translate(
+"S-302": QCoreApplication.translate(
 "Security", "Deserialization with the marshal module is possibly dangerous."
 ),
-"S303": QCoreApplication.translate(
+"S-303": QCoreApplication.translate(
 "Security", "Use of insecure MD2, MD4, MD5, or SHA1 hash function."
 ),
-"S304": QCoreApplication.translate(
+"S-304": QCoreApplication.translate(
 "Security",
 "Use of insecure cipher '{0}'. Replace with a known secure cipher"
 " such as AES.",
 ),
-"S305": QCoreApplication.translate(
+"S-305": QCoreApplication.translate(
 "Security", "Use of insecure cipher mode '{0}'."
 ),
-"S306": QCoreApplication.translate(
+"S-306": QCoreApplication.translate(
 "Security", "Use of insecure and deprecated function (mktemp)."
 ),
-"S307": QCoreApplication.translate(
+"S-307": QCoreApplication.translate(
 "Security",
 "Use of possibly insecure function - consider using safer ast.literal_eval.",
 ),
-"S308": QCoreApplication.translate(
+"S-308": QCoreApplication.translate(
 "Security",
 "Use of mark_safe() may expose cross-site scripting vulnerabilities"
 " and should be reviewed.",
 ),
-"S310": QCoreApplication.translate(
+"S-310": QCoreApplication.translate(
 "Security",
 "Audit url open for permitted schemes. Allowing use of file:/ or"
 " custom schemes is often unexpected.",
 ),
-"S311": QCoreApplication.translate(
+"S-311": QCoreApplication.translate(
 "Security",
 "Standard pseudo-random generators are not suitable for"
 " security/cryptographic purposes.",
 ),
-"S312": QCoreApplication.translate(
+"S-312": QCoreApplication.translate(
 "Security",
 "Telnet-related functions are being called. Telnet is considered"
 " insecure. Use SSH or some other encrypted protocol.",
 ),
-"S313": QCoreApplication.translate(
+"S-313": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable to"
 " XML attacks. Replace '{0}' with its defusedxml equivalent function"
 " or make sure defusedxml.defuse_stdlib() is called.",
 ),
-"S314": QCoreApplication.translate(
+"S-314": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable to"
 " XML attacks. Replace '{0}' with its defusedxml equivalent function"
 " or make sure defusedxml.defuse_stdlib() is called.",
 ),
-"S315": QCoreApplication.translate(
+"S-315": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable to"
 " XML attacks. Replace '{0}' with its defusedxml equivalent function"
 " or make sure defusedxml.defuse_stdlib() is called.",
 ),
-"S316": QCoreApplication.translate(
+"S-316": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable to"
 " XML attacks. Replace '{0}' with its defusedxml equivalent function"
 " or make sure defusedxml.defuse_stdlib() is called.",
 ),
-"S317": QCoreApplication.translate(
+"S-317": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable to"
 " XML attacks. Replace '{0}' with its defusedxml equivalent function"
 " or make sure defusedxml.defuse_stdlib() is called.",
 ),
-"S318": QCoreApplication.translate(
+"S-318": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable to"
 " XML attacks. Replace '{0}' with its defusedxml equivalent function"
 " or make sure defusedxml.defuse_stdlib() is called.",
 ),
-"S319": QCoreApplication.translate(
+"S-319": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable to"
 " XML attacks. Replace '{0}' with its defusedxml equivalent function"
 " or make sure defusedxml.defuse_stdlib() is called.",
 ),
-"S321": QCoreApplication.translate(
+"S-321": QCoreApplication.translate(
 "Security",
 "FTP-related functions are being called. FTP is considered insecure."
 " Use SSH/SFTP/SCP or some other encrypted protocol.",
 ),
-"S323": QCoreApplication.translate(
+"S-323": QCoreApplication.translate(
 "Security",
 "By default, Python will create a secure, verified SSL context for"
 " use in such classes as HTTPSConnection. However, it still allows"
 " using an insecure context via the _create_unverified_context that"
 " reverts to the previous behavior that does not validate"
 " certificates or perform hostname checks.",
 ),
 # hashlib functions
-"S331": QCoreApplication.translate(
+"S-331": QCoreApplication.translate(
 "Security", "Use of insecure {0} hash function."
 ),
-"S332": QCoreApplication.translate(
+"S-332": QCoreApplication.translate(
 "Security",
 "Use of insecure {0} hash for security. Consider 'usedforsecurity=False'.",
 ),
 # prohibited imports
-"S401": QCoreApplication.translate(
+"S-401": QCoreApplication.translate(
 "Security",
 "A telnet-related module is being imported.  Telnet is considered"
 " insecure. Use SSH or some other encrypted protocol.",
 ),
-"S402": QCoreApplication.translate(
+"S-402": QCoreApplication.translate(
 "Security",
 "A FTP-related module is being imported.  FTP is considered"
 " insecure. Use SSH/SFTP/SCP or some other encrypted protocol.",
 ),
-"S403": QCoreApplication.translate(
+"S-403": QCoreApplication.translate(
 "Security",
 "Consider possible security implications associated with the '{0}' module.",
 ),
-"S404": QCoreApplication.translate(
+"S-404": QCoreApplication.translate(
 "Security",
 "Consider possible security implications associated with the '{0}' module.",
 ),
-"S405": QCoreApplication.translate(
+"S-405": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable"
 " to XML attacks. Replace '{0}' with the equivalent defusedxml"
 " package, or make sure defusedxml.defuse_stdlib() is called.",
 ),
-"S406": QCoreApplication.translate(
+"S-406": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable"
 " to XML attacks. Replace '{0}' with the equivalent defusedxml"
 " package, or make sure defusedxml.defuse_stdlib() is called.",
 ),
-"S407": QCoreApplication.translate(
+"S-407": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable"
 " to XML attacks. Replace '{0}' with the equivalent defusedxml"
 " package, or make sure defusedxml.defuse_stdlib() is called.",
 ),
-"S408": QCoreApplication.translate(
+"S-408": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable"
 " to XML attacks. Replace '{0}' with the equivalent defusedxml"
 " package, or make sure defusedxml.defuse_stdlib() is called.",
 ),
-"S409": QCoreApplication.translate(
+"S-409": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable"
 " to XML attacks. Replace '{0}' with the equivalent defusedxml"
 " package, or make sure defusedxml.defuse_stdlib() is called.",
 ),
-"S411": QCoreApplication.translate(
+"S-411": QCoreApplication.translate(
 "Security",
 "Using '{0}' to parse untrusted XML data is known to be vulnerable"
 " to XML attacks. Use defusedxml.xmlrpc.monkey_patch() function to"
 " monkey-patch xmlrpclib and mitigate XML vulnerabilities.",
 ),
-"S412": QCoreApplication.translate(
+"S-412": QCoreApplication.translate(
 "Security",
 "Consider possible security implications associated with '{0}' module.",
 ),
-"S413": QCoreApplication.translate(
+"S-413": QCoreApplication.translate(
 "Security",
 "The pyCrypto library and its module '{0}' are no longer actively"
 " maintained and have been deprecated. Consider using"
 " pyca/cryptography library.",
 ),
-"S414": QCoreApplication.translate(
+"S-414": QCoreApplication.translate(
 "Security",
 "An IPMI-related module is being imported. IPMI is considered "
 "insecure. Use an encrypted protocol.",
 ),
 # insecure certificate usage
-"S501": QCoreApplication.translate(
+"S-501": QCoreApplication.translate(
 "Security",
 "'requests' call with verify=False disabling SSL certificate checks,"
 " security issue.",
 ),
 # insecure SSL/TLS protocol version
-"S502.1": QCoreApplication.translate(
+"S-502.1": QCoreApplication.translate(
 "Security",
 "'ssl.wrap_socket' call with insecure SSL/TLS protocol version"
 " identified, security issue.",
 ),
-"S502.2": QCoreApplication.translate(
+"S-502.2": QCoreApplication.translate(
 "Security",
 "'SSL.Context' call with insecure SSL/TLS protocol version identified,"
 " security issue.",
 ),
-"S502.3": QCoreApplication.translate(
+"S-502.3": QCoreApplication.translate(
 "Security",
 "Function call with insecure SSL/TLS protocol version identified,"
 " security issue.",
 ),
-"S503": QCoreApplication.translate(
+"S-503": QCoreApplication.translate(
 "Security",
 "Function definition identified with insecure SSL/TLS protocol"
 " version by default, possible security issue.",
 ),
-"S504": QCoreApplication.translate(
+"S-504": QCoreApplication.translate(
 "Security",
 "'ssl.wrap_socket' call with no SSL/TLS protocol version specified,"
 " the default 'SSLv23' could be insecure, possible security issue.",
 ),
 # weak cryptographic keys
-"S505": QCoreApplication.translate(
+"S-505": QCoreApplication.translate(
 "Security", "{0} key sizes below {1:d} bits are considered breakable."
 ),
 # YAML load
-"S506": QCoreApplication.translate(
+"S-506": QCoreApplication.translate(
 "Security",
 "Use of unsafe 'yaml.load()'. Allows instantiation of arbitrary"
 " objects. Consider 'yaml.safe_load()'.",
 ),
 # SSH host key verification
-"S507": QCoreApplication.translate(
+"S-507": QCoreApplication.translate(
 "Security",
 "Paramiko call with policy set to automatically trust the unknown host key.",
 ),
 # insecure SNMP
-"S508": QCoreApplication.translate(
+"S-508": QCoreApplication.translate(
 "Security",
 "The use of SNMPv1 and SNMPv2 is insecure. You should use SNMPv3 if possible.",
 ),
-"S509": QCoreApplication.translate(
+"S-509": QCoreApplication.translate(
 "Security",
 "You should not use SNMPv3 without encryption. noAuthNoPriv & authNoPriv is"
 " insecure.",
 ),
 # Shell injection
-"S601": QCoreApplication.translate(
+"S-601": QCoreApplication.translate(
 "Security",
 "Possible shell injection via 'Paramiko' call, check inputs are"
 " properly sanitized.",
 ),
-"S602.L": QCoreApplication.translate(
+"S-602.L": QCoreApplication.translate(
 "Security",
 "'subprocess' call with shell=True seems safe, but may be changed"
 " in the future, consider rewriting without shell",
 ),
-"S602.H": QCoreApplication.translate(
+"S-602.H": QCoreApplication.translate(
 "Security", "'subprocess' call with shell=True identified, security issue."
 ),
-"S603": QCoreApplication.translate(
+"S-603": QCoreApplication.translate(
 "Security", "'subprocess' call - check for execution of untrusted input."
 ),
-"S604": QCoreApplication.translate(
+"S-604": QCoreApplication.translate(
 "Security",
 "Function call with shell=True parameter identified, possible"
 " security issue.",
 ),
-"S605.L": QCoreApplication.translate(
+"S-605.L": QCoreApplication.translate(
 "Security",
 "Starting a process with a shell: Seems safe, but may be changed in"
 " the future, consider rewriting without shell",
 ),
-"S605.H": QCoreApplication.translate(
+"S-605.H": QCoreApplication.translate(
 "Security",
 "Starting a process with a shell, possible injection detected,"
 " security issue.",
 ),
-"S606": QCoreApplication.translate(
+"S-606": QCoreApplication.translate(
 "Security", "Starting a process without a shell."
 ),
-"S607": QCoreApplication.translate(
+"S-607": QCoreApplication.translate(
 "Security", "Starting a process with a partial executable path."
 ),
 # SQL injection
-"S608": QCoreApplication.translate(
+"S-608": QCoreApplication.translate(
 "Security",
 "Possible SQL injection vector through string-based query construction.",
 ),
 # Wildcard injection
-"S609": QCoreApplication.translate(
+"S-609": QCoreApplication.translate(
 "Security", "Possible wildcard injection in call: {0}"
 ),
 # Django SQL injection
-"S610": QCoreApplication.translate(
+"S-610": QCoreApplication.translate(
 "Security", "Use of 'extra()' opens a potential SQL attack vector."
 ),
-"S611": QCoreApplication.translate(
+"S-611": QCoreApplication.translate(
 "Security", "Use of 'RawSQL()' opens a potential SQL attack vector."
 ),
 # insecure logging.config.listen()
-"S612": QCoreApplication.translate(
+"S-612": QCoreApplication.translate(
 "Security",
 "Use of insecure logging.config.listen() detected.",
 ),
 # Trojan Source
-"S613": QCoreApplication.translate(
+"S-613": QCoreApplication.translate(
 "Security",
 "The Python source file contains bidirectional control characters ({0}).",
 ),
 # PyTorch unsafe load or save
-"S614": QCoreApplication.translate(
+"S-614": QCoreApplication.translate(
 "Security", "Use of unsafe PyTorch load or save."
 ),
 # Jinja2 templates
-"S701.1": QCoreApplication.translate(
+"S-701.1": QCoreApplication.translate(
 "Security",
 "Using jinja2 templates with 'autoescape=False' is dangerous and can"
 " lead to XSS. Use 'autoescape=True' or use the 'select_autoescape'"
 " function to mitigate XSS vulnerabilities.",
 ),
-"S701.2": QCoreApplication.translate(
+"S-701.2": QCoreApplication.translate(
 "Security",
 "By default, jinja2 sets 'autoescape' to False. Consider using"
 " 'autoescape=True' or use the 'select_autoescape' function to"
 " mitigate XSS vulnerabilities.",
 ),
 # Mako templates
-"S702": QCoreApplication.translate(
+"S-702": QCoreApplication.translate(
 "Security",
 "Mako templates allow HTML/JS rendering by default and are inherently"
 " open to XSS attacks. Ensure variables in all templates are properly"
 " sanitized via the 'n', 'h' or 'x' flags (depending on context). For"
 " example, to HTML escape the variable 'data' do ${{ data |h }}.",
 ),
 # Django XSS vulnerability
-"S703": QCoreApplication.translate(
+"S-703": QCoreApplication.translate(
 "Security", "Potential XSS on 'mark_safe()' function."
 ),
 # hardcoded AWS passwords
-"S801": QCoreApplication.translate(
+"S-801": QCoreApplication.translate(
 "Security", "Possible hardcoded AWS access key ID: {0}"
 ),
-"S802": QCoreApplication.translate(
+"S-802": QCoreApplication.translate(
 "Security", "Possible hardcoded AWS secret access key: {0}"
 ),
 }
 _securityMessagesSampleArgs = {
-"S103": ["0o777", "testfile.txt"],
+"S-103": ["0o777", "testfile.txt"],
-"S105": ["password"],
+"S-105": ["password"],
-"S106": ["password"],
+"S-106": ["password"],
-"S107": ["password"],
+"S-107": ["password"],
-"S114.1": ["requests"],
+"S-114.1": ["requests"],
-"S114.2": ["httpx"],
+"S-114.2": ["httpx"],
-"S202.1": ["members_filter(tar)"],
+"S-202.1": ["members_filter(tar)"],
-"S202.2": ["tar"],
+"S-202.2": ["tar"],
-"S304": ["Crypto.Cipher.DES"],
+"S-304": ["Crypto.Cipher.DES"],
-"S305": ["cryptography.hazmat.primitives.ciphers.modes.ECB"],
+"S-305": ["cryptography.hazmat.primitives.ciphers.modes.ECB"],
-"S313": ["xml.etree.cElementTree.parse"],
+"S-313": ["xml.etree.cElementTree.parse"],
-"S314": ["xml.etree.ElementTree.parse"],
+"S-314": ["xml.etree.ElementTree.parse"],
-"S315": ["xml.sax.expatreader.create_parser"],
+"S-315": ["xml.sax.expatreader.create_parser"],
-"S316": ["xml.dom.expatbuilder.parse"],
+"S-316": ["xml.dom.expatbuilder.parse"],
-"S317": ["xml.sax.parse"],
+"S-317": ["xml.sax.parse"],
-"S318": ["xml.dom.minidom.parse"],
+"S-318": ["xml.dom.minidom.parse"],
-"S319": ["xml.dom.pulldom.parse"],
+"S-319": ["xml.dom.pulldom.parse"],
-"S331": ["MD5"],
+"S-331": ["MD5"],
-"S403": ["pickle"],
+"S-403": ["pickle"],
-"S404": ["subprocess"],
+"S-404": ["subprocess"],
-"S405": ["xml.etree.ElementTree"],
+"S-405": ["xml.etree.ElementTree"],
-"S406": ["xml.sax"],
+"S-406": ["xml.sax"],
-"S407": ["xml.dom.expatbuilder"],
+"S-407": ["xml.dom.expatbuilder"],
-"S408": ["xml.dom.minidom"],
+"S-408": ["xml.dom.minidom"],
-"S409": ["xml.dom.pulldom"],
+"S-409": ["xml.dom.pulldom"],
-"S411": ["xmlrpclib"],
+"S-411": ["xmlrpclib"],
-"S412": ["wsgiref.handlers.CGIHandler"],
+"S-412": ["wsgiref.handlers.CGIHandler"],
-"S413": ["Crypto.Cipher"],
+"S-413": ["Crypto.Cipher"],
-"S505": ["RSA", 2048],
+"S-505": ["RSA", 2048],
-"S609": ["os.system"],
+"S-609": ["os.system"],
-"S613": [repr("\u202e")],
+"S-613": [repr("\u202e")],
-"S801": ["A1B2C3D4E5F6G7H8I9J0"],  # secok
+"S-801": ["A1B2C3D4E5F6G7H8I9J0"],  # secok
-"S802": ["aA1bB2cC3dD4/eE5fF6gG7+hH8iI9jJ0=kKlLM+="],  # secok
+"S-802": ["aA1bB2cC3dD4/eE5fF6gG7+hH8iI9jJ0=kKlLM+="],  # secok
 }

Mercurial Repositories > eric / file comparison

comparison: src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py

src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py