--- a/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/djangoXssVulnerability.py Fri Apr 02 11:59:41 2021 +0200
+++ b/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/djangoXssVulnerability.py Sat May 01 14:27:20 2021 +0200
@@ -113,7 +113,7 @@
 )
 
 
-class DeepAssignation(object):
+class DeepAssignation:
     """
     Class to perform a deep analysis of an assign.
     """
@@ -159,28 +159,33 @@
         @rtype bool
         """
         assigned = False
-        if self.__ignoreNodes:
-            if isinstance(self.__ignoreNodes, (list, tuple, object)):
-                if isinstance(node, self.__ignoreNodes):
-                    return assigned
+        if (
+            self.__ignoreNodes and
+            isinstance(self.__ignoreNodes, (list, tuple, object)) and
+            isinstance(node, self.__ignoreNodes)
+        ):
+            return assigned
 
         if isinstance(node, ast.Expr):
             assigned = self.isAssigned(node.value)
         elif isinstance(node, ast.FunctionDef):
             for name in node.args.args:
-                if isinstance(name, ast.Name):
-                    if name.id == self.var_name.id:
-                        # If is param the assignations are not affected
-                        return assigned
+                if (
+                    isinstance(name, ast.Name) and
+                    name.id == self.var_name.id
+                ):
+                    # If is param the assignations are not affected
+                    return assigned
             assigned = self.isAssignedIn(node.body)
         elif isinstance(node, ast.With):
             for withitem in node.items:
                 varId = getattr(withitem.optional_vars, 'id', None)
-                if varId == self.__varName.id:
-                    assigned = node
-                else:
-                    assigned = self.isAssignedIn(node.body)
+                assigned = (
+                    node
+                    if varId == self.__varName.id else
+                    self.isAssignedIn(node.body)
+                )
         elif isinstance(node, ast.Try):
             assigned = []
             assigned.extend(self.isAssignedIn(node.body))
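Review bot: The rewritten FunctionDef guard in the second hunk still tests `isinstance(name, ast.Name)` and reads `self.var_name`, but on Python 3 `node.args.args` holds `ast.arg` nodes, so the first operand is always false, the guard never fires, and `self.var_name` (which the rest of this method never uses; it works with `self.__varName`) is never evaluated. The visible effect is that a nested function whose parameter shadows the tracked variable appears to be scanned as if its body assigned the outer variable. Mirroring the check the commit writes later for parameters (`name.arg == xssVar.id`), the condition should read `isinstance(name, ast.arg) and name.arg == self.__varName.id`. A smaller point: `isinstance(self.__ignoreNodes, (list, tuple, object))` is true for every value, so that operand adds nothing, while `isinstance(node, self.__ignoreNodes)` would raise TypeError if `__ignoreNodes` were a list rather than a tuple of types. isAssigned continues past the end of this hunk.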
@@ -194,22 +199,22 @@
             assigned = []
             assigned.extend(self.isAssignedIn(node.body))
             assigned.extend(self.isAssignedIn(node.orelse))
-        elif isinstance(node, ast.AugAssign):
-            if isinstance(node.target, ast.Name):
-                if node.target.id == self.__varName.id:
-                    assigned = node.value
+        elif (
+            isinstance(node, ast.AugAssign) and
+            isinstance(node.target, ast.Name) and
+            node.target.id == self.__varName.id
+        ):
+            assigned = node.value
         elif isinstance(node, ast.Assign) and node.targets:
             target = node.targets[0]
             if isinstance(target, ast.Name):
                 if target.id == self.__varName.id:
                     assigned = node.value
             elif isinstance(target, ast.Tuple):
-                pos = 0
-                for name in target.elts:
+                for pos, name in enumerate(target.elts):
                     if name.id == self.__varName.id:
                         assigned = node.value.elts[pos]
                         break
-                    pos += 1
         return assigned
 
 
@@ -231,10 +236,11 @@
     """
     secure = False
     if isinstance(xssVar, ast.Name):
-        if isinstance(parent, ast.FunctionDef):
-            for name in parent.args.args:
-                if name.arg == xssVar.id:
-                    return False  # Params are not secure
+        if (
+            isinstance(parent, ast.FunctionDef) and
+            any(name.arg == xssVar.id for name in parent.args.args)
+        ):
+            return False  # Params are not secure
 
         analyser = DeepAssignation(xssVar, ignoreNodes)
         for node in parent.body:
@@ -290,14 +296,15 @@
 
     secure = False
     evaluate = False
-    if isinstance(call, ast.Call) and isinstance(call.func, ast.Attribute):
-        if (
-            AstUtilities.isString(call.func.value) and
-            call.func.attr == 'format'
-        ):
-            evaluate = True
-            if call.keywords:
-                evaluate = False
+    if (
+        isinstance(call, ast.Call) and
+        isinstance(call.func, ast.Attribute) and
+        AstUtilities.isString(call.func.value) and
+        call.func.attr == 'format'
+    ):
+        evaluate = True
+        if call.keywords:
+            evaluate = False
     if evaluate:
         args = list(call.args)
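Review bot: The enumerate rewrite of the Tuple branch keeps `name.id` and `node.value.elts[pos]` unguarded, so an unpacking target that is not a plain Name (an attribute or a starred element has no `id`) raises AttributeError, and when the tracked name does match, a right-hand side that is not a literal tuple (`a, b = some_call()`) has no `elts` and raises as well; either aborts the check instead of producing a result. Testing `isinstance(name, ast.Name) and name.id == self.__varName.id` and guarding the index with `isinstance(node.value, (ast.Tuple, ast.List))` would keep the analysis running on such code. The Assign branch also inspects only `node.targets[0]`, so a chained assignment is missed when the tracked name is not the first target. isAssigned begins in the previous hunk and its start is outside this one.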
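Review bot: The `any(...)` form in the hunk at line 236 only walks `parent.args.args`, so a keyword-only parameter (`parent.args.kwonlyargs`), a `*args`/`**kwargs` parameter (`vararg`/`kwarg`), or a positional-only one where the interpreter provides `posonlyargs` with the tracked name is not recognised as a parameter; such a variable is then handled by the body scan instead of returning False up front as a positional parameter does. Collecting the names once, e.g. `params = getattr(parent.args, 'posonlyargs', []) + parent.args.args + parent.args.kwonlyargs` and testing `any(p.arg == xssVar.id for p in params)` (adding `vararg`/`kwarg` when set), closes that gap. The enclosing function starts before this hunk.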
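Review bot: In the last hunk, `evaluate = True` followed by `if call.keywords: evaluate = False` inside the new combined condition is the same set-then-reset shape the rest of the commit flattens; it reduces to `evaluate = not call.keywords`. A short comment such as `# keyword placeholders are not resolved, so the call is not evaluated` would also record why a `.format(...)` call with keywords is skipped, which presumably leaves `secure` at its initial False. The `if evaluate:` branch and the enclosing function continue outside this hunk.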