src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py

branch
eric7
changeset 9325
8157eb19aba5
parent 9221
bf71ee032bb4
child 9576
be9f8e7e42e0
--- a/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py	Tue Sep 13 19:46:19 2022 +0200
+++ b/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py	Tue Sep 13 20:00:55 2022 +0200
@@ -42,15 +42,38 @@
     "S108": QCoreApplication.translate(
         "Security", "Probable insecure usage of temp file/directory."
     ),
-    # try-except
+    # try-except and contextlib.suppress
     "S110": QCoreApplication.translate("Security", "Try, Except, Pass detected."),
     "S112": QCoreApplication.translate("Security", "Try, Except, Continue detected."),
+    "S113": QCoreApplication.translate("Security", "'contextlib.suppress()' detected."),
+    # request without timeout
+    "S114.1": QCoreApplication.translate("Security", "Requests call without timeout."),
+    "S114.2": QCoreApplication.translate(
+        "Security",
+        "Requests call with timeout set to None.",
+    ),
     # flask app
     "S201": QCoreApplication.translate(
         "Security",
         "A Flask app appears to be run with debug=True, which exposes the"
         " Werkzeug debugger and allows the execution of arbitrary code.",
     ),
+    # tarfile.extractall
+    "S202.1": QCoreApplication.translate(
+        "Security",
+        "Usage of 'tarfile.extractall(members=function(tarfile))'. "
+        "Make sure your function properly discards dangerous members ({0}).",
+    ),
+    "S202.2": QCoreApplication.translate(
+        "Security",
+        "Found 'tarfile.extractall(members=?)' but couldn't identify the type of"
+        " members. Check if the members were properly validated ({0}).",
+    ),
+    "S202.3": QCoreApplication.translate(
+        "Security",
+        "'tarfile.extractall()' used without any validation. Please check and"
+        " discard dangerous members.",
+    ),
     # blacklisted calls
     "S301": QCoreApplication.translate(
         "Security",
@@ -76,7 +99,7 @@
     ),
     "S307": QCoreApplication.translate(
         "Security",
-        "Use of possibly insecure function - consider using safer" " ast.literal_eval.",
+        "Use of possibly insecure function - consider using safer ast.literal_eval.",
     ),
     "S308": QCoreApplication.translate(
         "Security",
@@ -181,6 +204,10 @@
     "S331": QCoreApplication.translate(
         "Security", "Use of insecure {0} hash function."
     ),
+    "S332": QCoreApplication.translate(
+        "Security",
+        "Use of insecure {0} hash for security. Consider" " 'usedforsecurity=False'.",
+    ),
     # blacklisted imports
     "S401": QCoreApplication.translate(
         "Security",
@@ -194,11 +221,11 @@
     ),
     "S403": QCoreApplication.translate(
         "Security",
-        "Consider possible security implications associated with the '{0}'" " module.",
+        "Consider possible security implications associated with the '{0}' module.",
     ),
     "S404": QCoreApplication.translate(
         "Security",
-        "Consider possible security implications associated with the '{0}'" " module.",
+        "Consider possible security implications associated with the '{0}' module.",
     ),
     "S405": QCoreApplication.translate(
         "Security",
@@ -244,7 +271,7 @@
     ),
     "S412": QCoreApplication.translate(
         "Security",
-        "Consider possible security implications associated with '{0}'" " module.",
+        "Consider possible security implications associated with '{0}' module.",
     ),
     "S413": QCoreApplication.translate(
         "Security",
@@ -252,6 +279,11 @@
         " maintained and have been deprecated. Consider using"
         " pyca/cryptography library.",
     ),
+    "S414": QCoreApplication.translate(
+        "Security",
+        "An IPMI-related module is being imported. IPMI is considered "
+        "insecure. Use an encrypted protocol.",
+    ),
     # insecure certificate usage
     "S501": QCoreApplication.translate(
         "Security",
@@ -297,7 +329,17 @@
     # SSH host key verification
     "S507": QCoreApplication.translate(
         "Security",
-        "Paramiko call with policy set to automatically trust the unknown" " host key.",
+        "Paramiko call with policy set to automatically trust the unknown host key.",
+    ),
+    # insecure SNMP
+    "S508": QCoreApplication.translate(
+        "Security",
+        "The use of SNMPv1 and SNMPv2 is insecure. You should use SNMPv3 if possible.",
+    ),
+    "S509": QCoreApplication.translate(
+        "Security",
+        "You should not use SNMPv3 without encryption. noAuthNoPriv & authNoPriv is"
+        " insecure.",
     ),
     # Shell injection
     "S601": QCoreApplication.translate(
@@ -340,7 +382,7 @@
     # SQL injection
     "S608": QCoreApplication.translate(
         "Security",
-        "Possible SQL injection vector through string-based query" " construction.",
+        "Possible SQL injection vector through string-based query construction.",
     ),
     # Wildcard injection
     "S609": QCoreApplication.translate(
@@ -392,6 +434,8 @@
     "S105": ["password"],
     "S106": ["password"],
     "S107": ["password"],
+    "S202.1": ["members_filter(tar)"],
+    "S202.2": ["tar"],
     "S304": ["Crypto.Cipher.DES"],
     "S305": ["cryptography.hazmat.primitives.ciphers.modes.ECB"],
     "S313": ["xml.etree.cElementTree.parse"],

