--- a/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/injectionShell.py Tue Sep 13 19:46:19 2022 +0200
+++ b/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/injectionShell.py Tue Sep 13 20:00:55 2022 +0200
@@ -70,15 +70,12 @@

 @param context context to be inspected
 @type SecurityContext
- @return tuple containing a flag indicating the presence of the 'shell'
- argument and flag indicating the value of the 'shell' argument
- @rtype tuple of (bool, bool)
+ @return flag indicating the value of the 'shell' argument
+ @rtype bool
 """
 keywords = context.node.keywords
 result = False
- shell = False
 if "shell" in context.callKeywords:
- shell = True
 for key in keywords:
 if key.arg == "shell":
 val = key.value
@@ -95,7 +92,7 @@
 else:
 result = True

- return shell, result
+ return result


 def checkSubprocessPopenWithShell(reportError, context, config):
@@ -115,26 +112,28 @@
 else SecurityDefaults["shell_injection_subprocess"]
 )

- if context.callFunctionNameQual in functionNames:
- shell, shellValue = hasShell(context)
- if shell and shellValue and len(context.callArgs) > 0:
- sev = _evaluateShellCall(context)
- if sev == "L":
- reportError(
- context.getLinenoForCallArg("shell") - 1,
- context.getOffsetForCallArg("shell"),
- "S602.L",
- sev,
- "H",
- )
- else:
- reportError(
- context.getLinenoForCallArg("shell") - 1,
- context.getOffsetForCallArg("shell"),
- "S602.H",
- sev,
- "H",
- )
+ if (
+ context.callFunctionNameQual in functionNames
+ and hasShell(context)
+ and len(context.callArgs) > 0
+ ):
+ sev = _evaluateShellCall(context)
+ if sev == "L":
+ reportError(
+ context.getLinenoForCallArg("shell") - 1,
+ context.getOffsetForCallArg("shell"),
+ "S602.L",
+ sev,
+ "H",
+ )
+ else:
+ reportError(
+ context.getLinenoForCallArg("shell") - 1,
+ context.getOffsetForCallArg("shell"),
+ "S602.H",
+ sev,
+ "H",
+ )


 def checkSubprocessPopenWithoutShell(reportError, context, config):
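Review bot: The new `@return` text in hasShell's docstring (first hunk) does not say what is returned when the call has no `shell` keyword at all; with the presence flag removed, `False` now stands for both "absent" and "present but false", and the callers in the later hunks depend on that. I would word it as `@return flag indicating that a 'shell' keyword argument is given and does not evaluate to false`. The code that evaluates `val` lies between this hunk and the next one and is not visible here, so the exact set of values treated as false should be checked against it before the wording is fixed.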
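Review bot: The combined condition in checkSubprocessPopenWithShell still requires `len(context.callArgs) > 0`, so a call that passes the command by keyword together with `shell=True` appears to produce no S602 finding, and because hasShell() is true for it the S603 check in the next hunk skips it as well. This assumes callArgs holds only positional arguments, which is not visible in this diff. If the gap is intended, a comment such as `# only calls with a positional command are rated; a keyword-only command is not inspected` would make it explicit; otherwise that case should be reported too, at the higher severity since the command cannot be rated. Separately, the two reportError() branches differ only in the message code and could share one call using `"S602.L" if sev == "L" else "S602.H"`.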
@@ -154,7 +153,7 @@
 else SecurityDefaults["shell_injection_subprocess"]
 )

- if context.callFunctionNameQual in functionNames and not hasShell(context)[0]:
+ if context.callFunctionNameQual in functionNames and not hasShell(context):
 reportError(
 context.node.lineno - 1,
 context.node.col_offset,
@@ -181,16 +180,14 @@
 else SecurityDefaults["shell_injection_subprocess"]
 )

- if context.callFunctionNameQual not in functionNames:
- shell, shellValue = hasShell(context)
- if shell and shellValue:
- reportError(
- context.getLinenoForCallArg("shell") - 1,
- context.getOffsetForCallArg("shell"),
- "S604",
- "M",
- "L",
- )
+ if context.callFunctionNameQual not in functionNames and hasShell(context):
+ reportError(
+ context.getLinenoForCallArg("shell") - 1,
+ context.getOffsetForCallArg("shell"),
+ "S604",
+ "M",
+ "L",
+ )


 def checkStartProcessWithShell(reportError, context, config):
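Review bot: In the `@@ -154,7 +153,7 @@` hunk, `not hasShell(context)` is not equivalent to the old `not hasShell(context)[0]`: the old test reported only when the `shell` keyword was absent, while the new one, as far as the visible part of hasShell() shows, also reports calls that pass a false value such as `shell=False`. If that widening is intended, it deserves a comment on the condition, e.g. `# reported when 'shell' is missing or evaluates to false`, and a test case for the explicit `shell=False` form so the change in findings is pinned down. The reportError() call and the rest of the function continue past the end of this hunk.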