src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/injectionSql.py

branch
eric7
changeset 9221
bf71ee032bb4
parent 9209
b99e7fd55fd3
child 9653
e67609152c5e
--- a/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/injectionSql.py	Wed Jul 13 11:16:20 2022 +0200
+++ b/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/injectionSql.py	Wed Jul 13 14:55:47 2022 +0200
@@ -24,7 +24,7 @@
 def getChecks():
     """
     Public method to get a dictionary with checks handled by this module.
-    
+
     @return dictionary containing checker lists containing checker function and
         list of codes
     @rtype dict
@@ -37,10 +37,10 @@
 
 
 SIMPLE_SQL_RE = re.compile(
-    r'(select\s.*from\s|'
-    r'delete\s+from\s|'
-    r'insert\s+into\s.*values\s|'
-    r'update\s.*set\s)',
+    r"(select\s.*from\s|"
+    r"delete\s+from\s|"
+    r"insert\s+into\s.*values\s|"
+    r"update\s.*set\s)",
     re.IGNORECASE | re.DOTALL,
 )
 
@@ -48,7 +48,7 @@
 def _checkString(data):
     """
     Function to check a given string against the list of search patterns.
-    
+
     @param data string data to be checked
     @type str
     @return flag indicating a match
@@ -60,7 +60,7 @@
 def _evaluateAst(node):
     """
     Function to analyze the given ast node.
-    
+
     @param node ast node to be analyzed
     @type ast.Str
     @return tuple containing a flag indicating an execute call and
@@ -68,28 +68,25 @@
     @rtype tuple of (bool, str)
     """
     wrapper = None
-    statement = ''
+    statement = ""
 
     if isinstance(node._securityParent, ast.BinOp):
         out = SecurityUtils.concatString(node, node._securityParent)
         wrapper = out[0]._securityParent
         statement = out[1]
     elif (
-        isinstance(node._securityParent, ast.Attribute) and
-        node._securityParent.attr == 'format'
+        isinstance(node._securityParent, ast.Attribute)
+        and node._securityParent.attr == "format"
     ):
         statement = node.s
         # Hierarchy for "".format() is Wrapper -> Call -> Attribute -> Str
         wrapper = node._securityParent._securityParent._securityParent
-    elif (
-        hasattr(ast, 'JoinedStr') and
-        isinstance(node._securityParent, ast.JoinedStr)
-    ):
+    elif hasattr(ast, "JoinedStr") and isinstance(node._securityParent, ast.JoinedStr):
         statement = node.s
         wrapper = node._securityParent._securityParent
-    
+
     if isinstance(wrapper, ast.Call):  # wrapped in "execute" call?
-        names = ['execute', 'executemany']
+        names = ["execute", "executemany"]
         name = SecurityUtils.getCalledName(wrapper)
         return (name in names, statement)
     else:
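Review bot: The `hasattr(ast, "JoinedStr")` test kept on the reformatted `elif` line is always true, because `ast.JoinedStr` has existed since Python 3.6, so the guard only hides the real condition; `elif isinstance(node._securityParent, ast.JoinedStr):` says the same thing. In that branch and in the `format` branch `statement = node.s` reads the `.s` attribute, which on Python 3.8+ is only a deprecated alias of `ast.Constant.value`, so if the supported interpreter floor is 3.8 or later `statement = node.value` (and `@type ast.Constant` in the docstring) keeps the checker working on interpreters that drop the alias. Both `wrapper = ...` assignments walk `_securityParent` two or three levels without a guard; whether a node can lack a parent there depends on how the attribute is attached, which is outside this hunk. The body of _evaluateAst continues past the end of the hunk.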
@@ -99,7 +96,7 @@
 def checkHardcodedSqlExpressions(reportError, context, config):
     """
     Function to check for SQL injection.
-    
+
     @param reportError function to be used to report errors
     @type func
     @param context security context object
