--- a/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityChecker.py Mon Jun 08 20:08:27 2020 +0200
+++ b/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityChecker.py Tue Jun 09 20:10:59 2020 +0200
@@ -23,13 +23,30 @@
 # assert used
 "S101",
 
+ # exec used
+ "S102",
+
+ # bad file permissions
+ "S103",
+
+ # bind to all interfaces
+ "S104",
+
+ # hardcoded passwords
+ "S105", "S106", "S107"
+
+ # hardcoded tmp directory
+ "S108",
+
 # flask app
 "S201",
 
 # insecure function calls (blacklisted)
 "S301", "S302", "S303", "S304", "S305", "S306", "S307", "S308", "S309",
 "S310", "S311", "S312", "S313", "S314", "S315", "S316", "S317", "S318",
- "S319", "S320", "S321", "S322", "S323", "S325",
+ "S319", "S320", "S321", "S322", "S323", "S325", # TODO: check S324
+ # hashlib.new
+ "S324",
 
 # insecure imports (blacklisted)
 "S401", "S402", "S403", "S404", "S405", "S406", "S407", "S408", "S409",
@@ -38,14 +55,17 @@
 # insecure certificate usage
 "S501",
 
+ # YAML load
+ "S506",
+
+ # Shell injection
+ "S601", "S602", "S603", "S604", "S605", "S606", "S607",
+
 # Django SQL injection
 "S610", "S611",
 
 # Django XSS vulnerability
 "S703",
-
- # YAML load
- "S506",
 ]
 
 def __init__(self, source, filename, select, ignore, expected, repeat,
@@ -65,7 +85,7 @@
 @type list of str
 @param repeat flag indicating to report each occurrence of a code
 @type bool
- @param args dictionary of arguments for the miscellaneous checks
+ @param args dictionary of arguments for the security checks
 @type dict
 """
 self.__select = tuple(select)
@@ -158,12 +178,12 @@
 offset = offset[1:3]
 else:
 offset = (1, 0)
- self.__error(offset[0] - 1,
- offset[1] or 0,
- 'S999',
- "H",
- "H",
- exc_type.__name__, exc.args[0])
+ self.reportError(offset[0] - 1,
+ offset[1] or 0,
+ 'S999',
+ "H",
+ "H",
+ exc_type.__name__, exc.args[0])
 
 def __generateTree(self):
 """
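Review bot: The added hardcoded-passwords line `"S105", "S106", "S107"` has no trailing comma, so Python's implicit string-literal concatenation joins it with the next element and the list ends up containing `"S107S108"` instead of `"S107"` and `"S108"`; neither the S107 hardcoded-password check nor the S108 hardcoded-tmp-directory check would then match a selected code. Change the line to `"S105", "S106", "S107",`. The `# TODO: check S324` comment appended to the `"S325",` line is stale now that `"S324",` is added two lines below it and should be dropped in the same commit. The code list continues above and below this hunk.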
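Review bot: `exc.args[0]` in the last argument of the new `self.reportError(...)` call raises IndexError for an exception constructed without arguments, which would turn the intended S999 report into an uncaught exception; this is carried over from the removed `self.__error` call rather than introduced here, but the rename is a natural place to harden it. Use `exc_type.__name__, exc.args[0] if exc.args else str(exc))` as the final line. The enclosing method and its `except` clause start before the hunk, so whether the caught exception types always carry a message cannot be confirmed from here.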