eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/djangoXssVulnerability.py

changeset 7622
384e2aa5c073
parent 7619
ef2b5af23ce7
child 7637
c878e8255972
--- a/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/djangoXssVulnerability.py	Tue Jun 16 17:44:28 2020 +0200
+++ b/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/djangoXssVulnerability.py	Tue Jun 16 17:45:12 2020 +0200
@@ -18,6 +18,8 @@
 import ast
 import sys
 
+import AstUtilities
+
 PY2 = sys.version_info[0] == 2
 
 
@@ -57,7 +59,7 @@
         ]
         if context.callFunctionName in affectedFunctions:
             xss = context.node.args[0]
-            if not isinstance(xss, ast.Str):
+            if not AstUtilities.isString(xss):
                 checkPotentialRisk(reportError, context.node)
 
 
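Review bot: `context.node.args[0]` on the line before the changed check raises IndexError when an affected function is called with keyword arguments only, so the new guard should first confirm a positional argument exists: `if context.node.args and not AstUtilities.isString(context.node.args[0]):`. If a call without a positional argument should still be reported (it is not a literal, after all), treat an empty `args` as the non-literal case instead of skipping it. Separately, if `AstUtilities.isString` also accepts `ast.JoinedStr`, an f-string built from request data would count as a literal and silence the potential-risk report here and at the other replaced sites in this file; worth confirming it matches plain string constants only. The enclosing function starts outside the hunk.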
@@ -97,7 +99,7 @@
         secure = evaluateCall(xssVar, parent)
     elif isinstance(xssVar, ast.BinOp):
         isMod = isinstance(xssVar.op, ast.Mod)
-        isLeftStr = isinstance(xssVar.left, ast.Str)
+        isLeftStr = AstUtilities.isString(xssVar.left)
         if isMod and isLeftStr:
             parent = node._securityParent
             while not isinstance(parent, (ast.Module, ast.FunctionDef)):
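Review bot: The `isMod`/`isLeftStr` pair and the `if isMod and isLeftStr:` test around the changed line are repeated verbatim in the last hunk of this file (the `var` branch that builds `newCall`); a small helper would keep the two sites in step the next time the string test changes, as it does in this commit: `def isPercentFormat(binop): return isinstance(binop.op, ast.Mod) and AstUtilities.isString(binop.left)`, then `if isPercentFormat(xssVar):` at both sites. Both enclosing functions start and end outside their hunks.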
@@ -260,7 +262,7 @@
                 break
             to = analyser.isAssigned(node)
             if to:
-                if isinstance(to, ast.Str):
+                if AstUtilities.isString(to):
                     secure = True
                 elif isinstance(to, ast.Name):
                     secure = evaluateVar(
@@ -270,7 +272,7 @@
                 elif isinstance(to, (list, tuple)):
                     numSecure = 0
                     for someTo in to:
-                        if isinstance(someTo, ast.Str):
+                        if AstUtilities.isString(someTo):
                             numSecure += 1
                         elif isinstance(someTo, ast.Name):
                             if evaluateVar(someTo, parent,
@@ -309,7 +311,10 @@
     evaluate = False
     
     if isinstance(call, ast.Call) and isinstance(call.func, ast.Attribute):
-        if isinstance(call.func.value, ast.Str) and call.func.attr == 'format':
+        if (
+            AstUtilities.isString(call.func.value) and
+            call.func.attr == 'format'
+        ):
             evaluate = True
             if call.keywords or (PY2 and call.kwargs):
                 evaluate = False
@@ -325,7 +330,7 @@
         
         numSecure = 0
         for arg in args:
-            if isinstance(arg, ast.Str):
+            if AstUtilities.isString(arg):
                 numSecure += 1
             elif isinstance(arg, ast.Name):
                 if evaluateVar(arg, parent, call.lineno, ignoreNodes):
@@ -362,7 +367,7 @@
     """
     if isinstance(var, ast.BinOp):
         isMod = isinstance(var.op, ast.Mod)
-        isLeftStr = isinstance(var.left, ast.Str)
+        isLeftStr = AstUtilities.isString(var.left)
         if isMod and isLeftStr:
             newCall = ast.Call()
             newCall.args = []
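Review bot: `newCall = ast.Call()` builds a bare node and the visible lines populate only `args`; if the rest of this branch hands it to the routine in the earlier hunk that reads `call.func`, `call.keywords` and `call.lineno` (and `call.kwargs` under `PY2`), each of those must be set as well, otherwise the checker fails with AttributeError rather than reporting the suspicious format call. `ast.copy_location(newCall, var)` would give it the original `lineno`/`col_offset` so any report points at the real source line. The enclosing function starts before the hunk and continues after it.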
