--- a/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/generalFilePermissions.py Tue Sep 13 19:46:19 2022 +0200
+++ b/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/generalFilePermissions.py Tue Sep 13 20:00:55 2022 +0200
@@ -33,6 +33,23 @@
 }
+def _statIsDangerous(mode):
+ """
+ Function to check for dangerous stat values.
+
+ @param mode file mode to be checked
+ @type int
+ @return mode with masked dangerous values
+ @rtype int
+ """
+ return (
+ mode & stat.S_IWOTH
+ or mode & stat.S_IWGRP
+ or mode & stat.S_IXGRP
+ or mode & stat.S_IXOTH
+ )
+
+
 def checkFilePermissions(reportError, context, config):
 """
 Function to check for setting too permissive file permissions.
@@ -47,11 +64,7 @@
 if "chmod" in context.callFunctionName and context.callArgsCount == 2:
 mode = context.getCallArgAtPosition(1)
- if (
- mode is not None
- and isinstance(mode, int)
- and (mode & stat.S_IWOTH or mode & stat.S_IXGRP)
- ):
+ if mode is not None and isinstance(mode, int) and _statIsDangerous(mode):
 # world writable is an HIGH, group executable is a MEDIUM
 if mode & stat.S_IWOTH:
 severity = "H"
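Review bot: The docstring of `_statIsDangerous` in the first hunk does not match what the function returns: the `or` chain yields the first non-zero masked bit (or 0), not the "mode with masked dangerous values". The only caller visible in this patch uses the result as a truth test, so I would make it an explicit predicate, `return bool(mode & (stat.S_IWOTH | stat.S_IWGRP | stat.S_IXGRP | stat.S_IXOTH))`, documented as `@return flag indicating that a group/other write or execute bit is set` with `@rtype bool`. The docstring could also state that read bits are not examined, so nobody assumes this check flags files left world-readable.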
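Review bot: The comment directly under the rewritten condition in the second hunk is now stale: with `_statIsDangerous(mode)` the branch is also entered for group-writable (`S_IWGRP`) and other-executable (`S_IXOTH`) modes, yet it still reads "world writable is an HIGH, group executable is a MEDIUM". I would change it to `# world writable is HIGH; group writable and group/other executable are MEDIUM`, assuming the code below the hunk gives medium severity to every mode that is not world-writable. The body of `checkFilePermissions` continues outside the hunk, so that severity assignment and the reported message should be checked against the two newly covered bits. `mode is not None and` is also redundant next to `isinstance(mode, int)` and could be dropped while the line is being touched.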