eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/djangoSqlInjection.py

changeset 7622
384e2aa5c073
parent 7613
382f89c11e27
child 7923
91e843545d9a
--- a/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/djangoSqlInjection.py	Tue Jun 16 17:44:28 2020 +0200
+++ b/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/djangoSqlInjection.py	Tue Jun 16 17:45:12 2020 +0200
@@ -17,6 +17,8 @@
 
 import ast
 
+import AstUtilities
+
 
 def getChecks():
     """
@@ -82,7 +84,7 @@
             if key in kwargs:
                 if isinstance(kwargs[key], ast.List):
                     for val in kwargs[key].elts:
-                        if not isinstance(val, ast.Str):
+                        if not AstUtilities.isString(val):
                             insecure = True
                             break
                 else:
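Review bot: The accuracy of this check now depends on what `AstUtilities.isString` accepts, and that helper is defined outside this diff; the same applies to the replacements in the `select` hunk and the `RawSQL` hunk. It should return true only for a plain `str` literal, so that f-strings (`ast.JoinedStr`), concatenations, bytes constants and the `None` key that `ast.Dict` holds for `**mapping` entries all keep setting `insecure = True`. A short comment above the loop would record that, for example `# anything other than a plain string literal may carry user input`. The enclosing function starts and ends outside the hunk.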
@@ -91,12 +93,12 @@
         if not insecure and 'select' in kwargs:
             if isinstance(kwargs['select'], ast.Dict):
                 for k in kwargs['select'].keys:
-                    if not isinstance(k, ast.Str):
+                    if not AstUtilities.isString(k):
                         insecure = True
                         break
                 if not insecure:
                     for v in kwargs['select'].values:
-                        if not isinstance(v, ast.Str):
+                        if not AstUtilities.isString(v):
                             insecure = True
                             break
             else:
@@ -126,7 +128,7 @@
     if context.isModuleImportedLike('django.db.models'):
         if context.callFunctionName == 'RawSQL':
             sql = context.node.args[0]
-            if not isinstance(sql, ast.Str):
+            if not AstUtilities.isString(sql):
                 reportError(
                     context.node.lineno - 1,
                     context.node.col_offset,
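Review bot: `sql = context.node.args[0]` assumes a positional argument, so a call that passes the statement by keyword, such as `RawSQL(sql=..., params=...)`, would raise `IndexError` here instead of being checked. Guarding the branch with `if context.callFunctionName == 'RawSQL' and context.node.args:` avoids the exception. Looking the value up among the call's keywords as well would keep keyword-form calls covered rather than silently skipped. Whether the exception is caught further up is not visible from this hunk, and the function body continues outside it.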
