src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/injectionWildcard.py

branch
eric7
changeset 9221
bf71ee032bb4
parent 9209
b99e7fd55fd3
child 9653
e67609152c5e
--- a/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/injectionWildcard.py	Wed Jul 13 11:16:20 2022 +0200
+++ b/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/injectionWildcard.py	Wed Jul 13 14:55:47 2022 +0200
@@ -21,7 +21,7 @@
 def getChecks():
     """
     Public method to get a dictionary with checks handled by this module.
-    
+
     @return dictionary containing checker lists containing checker function and
         list of codes
     @rtype dict
@@ -36,7 +36,7 @@
 def checkLinuxCommandsWildcardInjection(reportError, context, config):
     """
     Function to check for use of wildcard injection.
-    
+
     @param reportError function to be used to report errors
     @type func
     @param context security context object
@@ -46,41 +46,39 @@
     """
     subProcessFunctionNames = (
         config["shell_injection_subprocess"]
-        if config and "shell_injection_subprocess" in config else
-        SecurityDefaults["shell_injection_subprocess"]
+        if config and "shell_injection_subprocess" in config
+        else SecurityDefaults["shell_injection_subprocess"]
     )
-    
+
     shellFunctionNames = (
         config["shell_injection_shell"]
-        if config and "shell_injection_shell" in config else
-        SecurityDefaults["shell_injection_shell"]
+        if config and "shell_injection_shell" in config
+        else SecurityDefaults["shell_injection_shell"]
     )
-    
-    vulnerableFunctions = ['chown', 'chmod', 'tar', 'rsync']
+
+    vulnerableFunctions = ["chown", "chmod", "tar", "rsync"]
     if (
-        (context.callFunctionNameQual in shellFunctionNames or
-         (context.callFunctionNameQual in subProcessFunctionNames and
-          context.checkCallArgValue('shell', 'True'))) and
-        context.callArgsCount >= 1
-    ):
+        context.callFunctionNameQual in shellFunctionNames
+        or (
+            context.callFunctionNameQual in subProcessFunctionNames
+            and context.checkCallArgValue("shell", "True")
+        )
+    ) and context.callArgsCount >= 1:
         callArgument = context.getCallArgAtPosition(0)
-        argumentString = ''
+        argumentString = ""
         if isinstance(callArgument, list):
             for li in callArgument:
-                argumentString += ' {0}'.format(li)
+                argumentString += " {0}".format(li)
         elif isinstance(callArgument, str):
             argumentString = callArgument
-        
-        if argumentString != '':
+
+        if argumentString != "":
             for vulnerableFunction in vulnerableFunctions:
-                if (
-                    vulnerableFunction in argumentString and
-                    '*' in argumentString
-                ):
-                    lineNo = context.getLinenoForCallArg('shell')
+                if vulnerableFunction in argumentString and "*" in argumentString:
+                    lineNo = context.getLinenoForCallArg("shell")
                     if lineNo < 1:
                         lineNo = context.node.lineno
-                    offset = context.getOffsetForCallArg('shell')
+                    offset = context.getOffsetForCallArg("shell")
                     if offset < 0:
                         offset = context.node.col_offset
                     reportError(
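Review bot: The reformatted test `if vulnerableFunction in argumentString and "*" in argumentString:` is a plain substring match, so an argument such as `start *` satisfies the `tar` check, and a `*` anywhere in the joined argument list counts regardless of which word it accompanies; the black reformat carries this over unchanged. A word-boundary match such as `re.search(rf"\b{re.escape(vulnerableFunction)}\b", argumentString)` would drop those false positives while still matching `/bin/tar`; whether `re` is already imported is not visible in this hunk. The accumulation loop `argumentString += " {0}".format(li)` could also be written as `argumentString = " ".join(str(li) for li in callArgument)`, which gives the same membership results without the per-item concatenation. checkLinuxCommandsWildcardInjection starts before this hunk and its reportError call continues into the next one.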
@@ -89,5 +87,5 @@
                         "S609",
                         "H",
                         "M",
-                        context.callFunctionNameQual
+                        context.callFunctionNameQual,
                     )
