src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/tarfileUnsafeMembers.py

branch
eric7
changeset 10638
12558008c269
parent 10439
21c28b0f9e41
child 10683
779cda568acb
--- a/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/tarfileUnsafeMembers.py	Mon Mar 11 15:35:12 2024 +0100
+++ b/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/tarfileUnsafeMembers.py	Mon Mar 11 16:13:14 2024 +0100
@@ -52,6 +52,23 @@
     return {}
 
 
+def _isFilterData(context):
+    """
+    Function to check for the filter argument to be 'data'.
+
+    @param context security context object
+    @type SecurityContext
+    @return flag indicating the 'data' filter
+    @rtype bool
+    """
+    for kw in context.node.keywords:
+        if kw.arg == "filter":
+            arg = kw.value
+            return isinstance(arg, ast.Str) and arg.s == "data"
+
+    return False
+
+
 def checkTarfileUnsafeMembers(reportError, context, config):  # noqa: U100
     """
     Function to check for insecure use of 'tarfile.extracall()'.
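Review bot: `_isFilterData` tests the keyword value with `ast.Str` and `arg.s`, which have been deprecated since Python 3.8 and are removed in Python 3.14, so on a newer interpreter the helper would raise `AttributeError` instead of recognising the filter. The same test can be written as `return isinstance(arg, ast.Constant) and arg.value == "data"`. The helper also matches only the string literal, so a call passing `filter=tarfile.data_filter` is still reported. That errs on the safe side, but it is worth a sentence in the docstring so the resulting false positive is understood as intentional.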
@@ -69,6 +86,9 @@
             "extractall" in context.callFunctionName,
         ]
     ):
+        if "filter" in context.callKeywords and _isFilterData(context):
+            return
+
         if "members" in context.callKeywords:
             members = _getMembersValue(context)
             if "Function" in members:
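Review bot: The `"filter" in context.callKeywords` test in the added condition is redundant, because `_isFilterData` already returns `False` when no `filter` keyword is present; `if _isFilterData(context):` is enough. The early return silences the finding for the whole call, including the `members` analysis below it, so a short comment saying why would help the next maintainer, for example `# the 'data' filter rejects members that would land outside the destination, links pointing outside it, and device files`. The rest of `checkTarfileUnsafeMembers` lies outside this hunk, so I am assuming nothing after the `members` branch needs to run for filtered calls.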
