--- a/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/generalHardcodedPassword.py Wed Jul 13 11:16:20 2022 +0200
+++ b/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/generalHardcodedPassword.py Wed Jul 13 14:55:47 2022 +0200
@@ -21,16 +21,13 @@
 import AstUtilities
 
 RE_WORDS = "(pas+wo?r?d|pass(phrase)?|pwd|token|secrete?|ken+wort|geheim)"
-RE_CANDIDATES = re.compile(
-    '(^{0}$|_{0}_|^{0}_|_{0}$)'.format(RE_WORDS),
-    re.IGNORECASE
-)
+RE_CANDIDATES = re.compile("(^{0}$|_{0}_|^{0}_|_{0}$)".format(RE_WORDS), re.IGNORECASE)
 
 
 def getChecks():
     """
     Public method to get a dictionary with checks handled by this module.
-    
+
     @return dictionary containing checker lists containing checker function
         and list of codes
     @rtype dict
@@ -51,7 +48,7 @@
 def checkHardcodedPasswordAsString(reportError, context, config):
     """
     Function to check for use of hardcoded password strings.
-    
+
     @param reportError function to be used to report errors
     @type func
     @param context security context object
@@ -70,19 +67,30 @@
                 "S105",
                 "L",
                 "M",
-                node.s
+                node.s,
             )
-
-        elif (
-            isinstance(node._securityParent, ast.Index) and
-            RE_CANDIDATES.search(node.s)
-        ):
+
+        elif isinstance(node._securityParent, ast.Index) and RE_CANDIDATES.search(node.s):
             # looks for "dict[candidate]='some_string'"
             # assign -> subscript -> index -> string
             assign = node._securityParent._securityParent._securityParent
+            if isinstance(assign, ast.Assign) and AstUtilities.isString(assign.value):
+                reportError(
+                    context.node.lineno - 1,
+                    context.node.col_offset,
+                    "S105",
+                    "L",
+                    "M",
+                    assign.value.s,
+                )
+
+        elif isinstance(node._securityParent, ast.Compare):
+            # looks for "candidate == 'some_string'"
+            comp = node._securityParent
             if (
-                isinstance(assign, ast.Assign) and
-                AstUtilities.isString(assign.value)
+                isinstance(comp.left, ast.Name)
+                and RE_CANDIDATES.search(comp.left.id)
+                and AstUtilities.isString(comp.comparators[0])
             ):
                 reportError(
                     context.node.lineno - 1,
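Review bot: The `elif isinstance(node._securityParent, ast.Index)` branch in the -70 hunk is dead on Python 3.9 and later, where the parser stores the subscript key directly in `Subscript.slice` and no longer emits `ast.Index`, so `d["password"] = "..."` goes undetected there; the three-level `_securityParent` chain that follows is also one hop too deep for that AST shape. Accepting an `ast.Subscript` parent as well and skipping the `ast.Index` hop only when it is present keeps both shapes covered (sketched below); a `subscript.slice is node` check would additionally exclude the string being the subscripted value rather than the key. Separately, the `node.s`, `assign.value.s` and `comp.comparators[0].s` reads here and the `.s` reads in the hunks at -90, -131 and -165 go through the `Constant.s` alias, which has been deprecated since 3.8; `.value` (or whatever accessor `AstUtilities` already offers, which is not visible here) would be future-proof. The enclosing `checkHardcodedPasswordAsString` starts before and ends after this hunk.
```python
        elif (
            isinstance(node._securityParent, (ast.Index, ast.Subscript))
            and RE_CANDIDATES.search(node.s)
        ):
            # looks for "dict[candidate]='some_string'"
            # Python < 3.9:  assign -> subscript -> index -> string
            # Python >= 3.9: assign -> subscript -> string (no ast.Index is emitted)
            subscript = node._securityParent
            if isinstance(subscript, ast.Index):
                subscript = subscript._securityParent
            assign = subscript._securityParent
            if isinstance(assign, ast.Assign) and AstUtilities.isString(assign.value):
                # … unchanged: reportError("S105", assign.value.s) …
```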
@@ -90,31 +98,14 @@
                     "S105",
                     "L",
                     "M",
-                    assign.value.s
-                )
-
-        elif isinstance(node._securityParent, ast.Compare):
-            # looks for "candidate == 'some_string'"
-            comp = node._securityParent
-            if (
-                isinstance(comp.left, ast.Name) and
-                RE_CANDIDATES.search(comp.left.id) and
-                AstUtilities.isString(comp.comparators[0])
-            ):
-                reportError(
-                    context.node.lineno - 1,
-                    context.node.col_offset,
-                    "S105",
-                    "L",
-                    "M",
-                    comp.comparators[0].s
+                    comp.comparators[0].s,
                 )
 
 
 def checkHardcodedPasswordAsFunctionArg(reportError, context, config):
     """
     Function to check for use of hard-coded password function arguments.
-    
+
     @param reportError function to be used to report errors
     @type func
     @param context security context object
@@ -131,14 +122,14 @@
                 "S106",
                 "L",
                 "M",
-                kw.value.s
+                kw.value.s,
             )
 
 
 def checkHardcodedPasswordAsDefault(reportError, context, config):
     """
     Function to check for use of hard-coded password argument defaults.
-    
+
     @param reportError function to be used to report errors
     @type func
     @param context security context object
@@ -147,17 +138,17 @@
     @type dict
     """
     # looks for "def function(candidate='some_string')"
-    
+
     # this pads the list of default values with "None" if nothing is given
-    defs = [None] * (len(context.node.args.args) -
-                     len(context.node.args.defaults))
+    defs = [None] * (len(context.node.args.args) - len(context.node.args.defaults))
     defs.extend(context.node.args.defaults)
-    
+
     # go through all (param, value)s and look for candidates
     for key, val in zip(context.node.args.args, defs):
         if (
-            isinstance(key, (ast.Name, ast.arg)) and
-            AstUtilities.isString(val) and RE_CANDIDATES.search(key.arg)
+            isinstance(key, (ast.Name, ast.arg))
+            and AstUtilities.isString(val)
+            and RE_CANDIDATES.search(key.arg)
         ):
             reportError(
                 context.node.lineno - 1,
@@ -165,5 +156,5 @@
                 "S107",
                 "L",
                 "M",
-                val.s
+                val.s,
             )
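Review bot: In the -147 hunk, `defs` is aligned against `context.node.args.args` only, but `ast.arguments.defaults` also covers positional-only parameters, so for `def f(x="a", /, password="s")` the `[None] * (...)` padding goes to zero or negative and `zip` pairs `password` with `"a"`, reporting the wrong literal; keyword-only parameters are never examined at all, so `def f(*, password="s")` is missed by S107 entirely. Walking `posonlyargs + args` against the right-aligned `defaults` and then `kwonlyargs` against `kw_defaults` (one entry per parameter, `None` when absent) closes both gaps, sketched below; `getattr(..., "posonlyargs", [])` keeps it working on interpreters that predate that attribute. `checkHardcodedPasswordAsDefault`'s signature is in the preceding hunk and its `reportError` call continues into the -165 hunk.
```python
    args = context.node.args
    # defaults are right-aligned against *all* positional parameters (positional-only
    # ones included), so pad the front with None before pairing
    positional = getattr(args, "posonlyargs", []) + args.args
    defs = [None] * (len(positional) - len(args.defaults))
    defs.extend(args.defaults)
    # keyword-only parameters carry their default (or None) in kw_defaults, one per parameter
    candidates = list(zip(positional, defs)) + list(zip(args.kwonlyargs, args.kw_defaults))

    # go through all (param, value)s and look for candidates
    for key, val in candidates:
        # … unchanged: isinstance / isString / RE_CANDIDATES test and reportError("S107", val.s) …
```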