--- a/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/djangoXssVulnerability.py Mon Jun 22 17:55:06 2020 +0200
+++ b/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/djangoXssVulnerability.py Tue Jun 23 17:24:18 2020 +0200
@@ -16,12 +16,9 @@
 #
 import ast
-import sys
 import AstUtilities
-PY2 = sys.version_info[0] == 2
-
 def getChecks():
 """
@@ -85,8 +82,7 @@
 isParam = False
 if isinstance(parent, ast.FunctionDef):
 for name in parent.args.args:
- argName = name.id if PY2 else name.arg
- if argName == xssVar.id:
+ if name.arg == xssVar.id:
 isParam = True
 break
@@ -179,28 +175,13 @@
 assigned = self.isAssignedIn(node.body)
 elif isinstance(node, ast.With):
- if PY2:
- if node.optional_vars.id == self.__varName.id:
+ for withitem in node.items:
+ varId = getattr(withitem.optional_vars, 'id', None)
+ if varId == self.__varName.id:
 assigned = node
 else:
 assigned = self.isAssignedIn(node.body)
- else:
- for withitem in node.items:
- varId = getattr(withitem.optional_vars, 'id', None)
- if varId == self.__varName.id:
- assigned = node
- else:
- assigned = self.isAssignedIn(node.body)
- elif PY2 and isinstance(node, ast.TryFinally):
- assigned = []
- assigned.extend(self.isAssignedIn(node.body))
- assigned.extend(self.isAssignedIn(node.finalbody))
- elif PY2 and isinstance(node, ast.TryExcept):
- assigned = []
- assigned.extend(self.isAssignedIn(node.body))
- assigned.extend(self.isAssignedIn(node.handlers))
- assigned.extend(self.isAssignedIn(node.orelse))
- elif not PY2 and isinstance(node, ast.Try):
+ elif isinstance(node, ast.Try):
 assigned = []
 assigned.extend(self.isAssignedIn(node.body))
 assigned.extend(self.isAssignedIn(node.handlers))
@@ -252,8 +233,7 @@
 if isinstance(xssVar, ast.Name):
 if isinstance(parent, ast.FunctionDef):
 for name in parent.args.args:
- argName = name.id if PY2 else name.arg
- if argName == xssVar.id:
+ if name.arg == xssVar.id:
 return False # Params are not secure
 analyser = DeepAssignation(xssVar, ignoreNodes)
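Review bot: In the `@@ -85,8 +82,7 @@` hunk, and again in `@@ -252,8 +233,7 @@`, the parameter test walks only `parent.args.args`, so on the Python 3 AST keyword-only, positional-only, `*args` and `**kwargs` parameters are never recognised as parameters. The inline comment says "Params are not secure", so every parameter kind should count: collect the names from `args.posonlyargs` (where the running Python has it), `args.args` and `args.kwonlyargs`, plus `args.vararg` / `args.kwarg` when set, and compare `xssVar.id` against that set. Both hunks also match only `ast.FunctionDef`, so a variable inside an `async def` (`ast.AsyncFunctionDef`) skips the parameter test. The enclosing functions start and end outside the hunks, so the effect on the final verdict needs confirming there.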
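Review bot: In the `@@ -179,28 +175,13 @@` hunk the new `for withitem in node.items:` loop never leaves after `assigned = node`, so for `with a() as x, b() as y:` a match on an earlier item is overwritten when a later item runs the `else:` branch. Indentation is lost on this page, but the result is overwritten whether the `else:` belongs to the `if` or to the `for`. Add `break` after `assigned = node` and attach the `else:` to the `for`, so that `self.isAssignedIn(node.body)` runs only when no item matched. A missed binding means the analyser may judge the variable by an older assignment, which can hide a finding; `getattr(withitem.optional_vars, 'id', None)` likewise ignores tuple targets such as `with f() as (a, b):`. The `ast.Try` branch continues past the hunk, so confirm it still walks `node.finalbody`, which the removed `TryFinally` branch covered.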
@@ -316,17 +296,11 @@
 call.func.attr == 'format'
 ):
 evaluate = True
- if call.keywords or (PY2 and call.kwargs):
+ if call.keywords:
 evaluate = False
 if evaluate:
 args = list(call.args)
- if (
- PY2 and
- call.starargs and
- isinstance(call.starargs, (ast.List, ast.Tuple))
- ):
- args.extend(call.starargs.elts)
 numSecure = 0
 for arg in args:
@@ -343,7 +317,6 @@
 else:
 break
 elif (
- not PY2 and
 isinstance(arg, ast.Starred) and
 isinstance(arg.value, (ast.List, ast.Tuple))
 ):
@@ -372,19 +345,13 @@
 newCall = ast.Call()
 newCall.args = []
 newCall.args = []
- if PY2:
- newCall.starargs = None
 newCall.keywords = None
- if PY2:
- newCall.kwargs = None
 newCall.lineno = var.lineno
 newCall.func = ast.Attribute()
 newCall.func.value = var.left
 newCall.func.attr = 'format'
 if isinstance(var.right, ast.Tuple):
 newCall.args = var.right.elts
- elif PY2 and isinstance(var.right, ast.Dict):
- newCall.kwargs = var.right
 else:
 newCall.args = [var.right]
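Review bot: The simplified guard `if call.keywords:` in the `@@ -316,17 +296,11 @@` hunk has no comment explaining why testing keywords alone is sufficient now that `call.kwargs` and `call.starargs` are gone. On the Python 3 AST a `**mapping` argument is stored in `call.keywords` as a keyword whose `arg` is `None`, and `*seq` arrives in `call.args` as `ast.Starred`, so the check still refuses to evaluate `format(**data)`. I would add above the test: `# **mapping is a keyword with arg=None on Python 3, so this also rejects format(**data)`. The enclosing function starts and ends outside the hunk.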
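Review bot: In the `@@ -372,19 +345,13 @@` hunk the synthetic node is still built with `newCall.keywords = None`, although a Python 3 `ast.Call` carries a list in that field. `newCall.keywords = []` keeps the `if call.keywords:` test working and is safe for any consumer that iterates the field. The context lines also show `newCall.args = []` twice in a row, and the second assignment can be dropped. With the `ast.Dict` branch removed, a dict operand such as `'%(k)s' % {...}` now lands in `newCall.args = [var.right]`; how it is judged is decided outside this hunk, so a short comment saying it is deliberately treated as a single unverified argument would help. The enclosing function starts before the hunk.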