--- a/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/injectionShell.py Sun Apr 11 16:53:48 2021 +0200
+++ b/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/injectionShell.py Sun Apr 11 18:45:10 2021 +0200
@@ -116,25 +116,24 @@
 if context.callFunctionNameQual in functionNames:
 shell, shellValue = hasShell(context)
- if shell and shellValue:
- if len(context.callArgs) > 0:
- sev = _evaluateShellCall(context)
- if sev == "L":
- reportError(
- context.getLinenoForCallArg('shell') - 1,
- context.getOffsetForCallArg('shell'),
- "S602.L",
- sev,
- "H",
- )
- else:
- reportError(
- context.getLinenoForCallArg('shell') - 1,
- context.getOffsetForCallArg('shell'),
- "S602.H",
- sev,
- "H",
- )
+ if shell and shellValue and len(context.callArgs) > 0:
+ sev = _evaluateShellCall(context)
+ if sev == "L":
+ reportError(
+ context.getLinenoForCallArg('shell') - 1,
+ context.getOffsetForCallArg('shell'),
+ "S602.L",
+ sev,
+ "H",
+ )
+ else:
+ reportError(
+ context.getLinenoForCallArg('shell') - 1,
+ context.getOffsetForCallArg('shell'),
+ "S602.H",
+ sev,
+ "H",
+ )
 def checkSubprocessPopenWithoutShell(reportError, context, config):
@@ -153,15 +152,17 @@
 else:
 functionNames = SecurityDefaults["shell_injection_subprocess"]
- if context.callFunctionNameQual in functionNames:
- if not hasShell(context)[0]:
- reportError(
- context.node.lineno - 1,
- context.node.col_offset,
- "S603",
- "L",
- "H",
- )
+ if (
+ context.callFunctionNameQual in functionNames and
+ not hasShell(context)[0]
+ ):
+ reportError(
+ context.node.lineno - 1,
+ context.node.col_offset,
+ "S603",
+ "L",
+ "H",
+ )
 def checkOtherFunctionWithShell(reportError, context, config):
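Review bot: The merged guard `if shell and shellValue and len(context.callArgs) > 0:` still decides solely on positional arguments, so a call such as `subprocess.Popen(args=cmd, shell=True)` is never reported if `callArgs` holds only positional arguments, which this hunk does not show. Since `_evaluateShellCall(context)` grades the severity from those same arguments, a command passed by keyword would need to be counted before the check gives up, e.g. by also consulting whatever the Context class exposes for keyword arguments; that class is outside this hunk and worth confirming. The enclosing function begins above the hunk.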
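Review bot: In the new S603 condition, `not hasShell(context)[0]` reports only when the first tuple element is falsy, and the previous hunk unpacks that same element as `shell` next to a separate `shellValue`, which suggests it records that a shell keyword is present rather than its value. If so, an explicit `subprocess.Popen(cmd, shell=False)` is reported neither here nor by S602, so such a call escapes both checks. Either test the value, `shell, shellValue = hasShell(context)` followed by `if context.callFunctionNameQual in functionNames and not shellValue:`, or confirm in hasShell, which is outside this hunk, that the first element already carries the evaluated value. The function `checkSubprocessPopenWithoutShell` starts above the hunk.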
@@ -208,25 +209,27 @@
 else:
 functionNames = SecurityDefaults["shell_injection_shell"]
- if context.callFunctionNameQual in functionNames:
- if len(context.callArgs) > 0:
- sev = _evaluateShellCall(context)
- if sev == "L":
- reportError(
- context.node.lineno - 1,
- context.node.col_offset,
- "S605.L",
- sev,
- "H",
- )
- else:
- reportError(
- context.node.lineno - 1,
- context.node.col_offset,
- "S605.H",
- sev,
- "H",
- )
+ if (
+ context.callFunctionNameQual in functionNames and
+ len(context.callArgs) > 0
+ ):
+ sev = _evaluateShellCall(context)
+ if sev == "L":
+ reportError(
+ context.node.lineno - 1,
+ context.node.col_offset,
+ "S605.L",
+ sev,
+ "H",
+ )
+ else:
+ reportError(
+ context.node.lineno - 1,
+ context.node.col_offset,
+ "S605.H",
+ sev,
+ "H",
+ )
 def checkStartProcessWithNoShell(reportError, context, config):
@@ -281,23 +284,25 @@
 else:
 functionNames += SecurityDefaults["shell_injection_noshell"]
- if len(context.callArgs):
- if context.callFunctionNameQual in functionNames:
- node = context.node.args[0]
-
- # some calls take an arg list, check the first part
- if isinstance(node, ast.List):
- node = node.elts[0]
-
- # make sure the param is a string literal and not a var name
- if (
- AstUtilities.isString(node) and
- not fullPathMatchRe.match(node.s)
- ):
- reportError(
- context.node.lineno - 1,
- context.node.col_offset,
- "S607",
- "L",
- "H",
- )
+ if (
+ len(context.callArgs) and
+ context.callFunctionNameQual in functionNames
+ ):
+ node = context.node.args[0]
+
+ # some calls take an arg list, check the first part
+ if isinstance(node, ast.List):
+ node = node.elts[0]
+
+ # make sure the param is a string literal and not a var name
+ if (
+ AstUtilities.isString(node) and
+ not fullPathMatchRe.match(node.s)
+ ):
+ reportError(
+ context.node.lineno - 1,
+ context.node.col_offset,
+ "S607",
+ "L",
+ "H",
+ )
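Review bot: The new S605 guard spells the argument test as `len(context.callArgs) > 0` while the S607 hunk further down writes the identical test as `len(context.callArgs)`; one spelling for both would be easier to grep, and the idiomatic form is the plain truthiness test, `context.callFunctionNameQual in functionNames and context.callArgs`. This is a point of style only; the commit does not change behaviour here. The enclosing function starts above this hunk.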
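Review bot: `node = node.elts[0]` in the S607 hunk raises IndexError when the first positional argument is an empty list literal, e.g. `subprocess.call([])`, because `len(context.callArgs)` is true for that call while `elts` is empty, and the exception propagates out of the check unless a caller catches it; the commit carries this over from the old code. A tuple argument such as `subprocess.call(('ls', '-l'))` is also never unwrapped, so it cannot reach the string-literal test. Replacing the two lines with `if isinstance(node, (ast.List, ast.Tuple)):` / `if not node.elts: return` / `node = node.elts[0]` handles both cases. The enclosing function's header, `fullPathMatchRe` and `AstUtilities` are all outside this hunk.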