--- a/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/injectionShell.py	Tue Jun 09 20:10:59 2020 +0200
+++ b/eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/injectionShell.py	Wed Jun 10 17:52:53 2020 +0200
@@ -19,6 +19,8 @@
 import re
 import sys
 
+from Security.SecurityDefaults import SecurityDefaults
+
 # This regex starts with a windows drive letter (eg C:)
 # or one of our path delimeter characters (/, \, .)
 fullPathMatchRe = re.compile(r'^(?:[A-Za-z](?=\:)|[\\\/\.])')
@@ -44,62 +46,6 @@
 }
 
 
-def _defaultValues(key):
-    """
-    Function to get the default values for a given check key.
-    
-    @param key key to get default values for
-    @type str
-    @return list with default values
-    @rtype list of str
-    """
-    if key == "shell_injection_subprocess":
-        return [
-            'subprocess.Popen',
-            'subprocess.call',
-            'subprocess.check_call',
-            'subprocess.check_output',
-            'subprocess.run'
-        ]
-    elif key == "shell_injection_shell":
-        return [
-            'os.system',
-            'os.popen',
-            'os.popen2',
-            'os.popen3',
-            'os.popen4',
-            'popen2.popen2',
-            'popen2.popen3',
-            'popen2.popen4',
-            'popen2.Popen3',
-            'popen2.Popen4',
-            'commands.getoutput',
-            'commands.getstatusoutput'
-        ]
-    elif key == "shell_injection_noshell":
-        return [
-            'os.execl',
-            'os.execle',
-            'os.execlp',
-            'os.execlpe',
-            'os.execv',
-            'os.execve',
-            'os.execvp',
-            'os.execvpe',
-            'os.spawnl',
-            'os.spawnle',
-            'os.spawnlp',
-            'os.spawnlpe',
-            'os.spawnv',
-            'os.spawnve',
-            'os.spawnvp',
-            'os.spawnvpe',
-            'os.startfile'
-        ]
-    else:
-        return []
-
-
 def _evaluateShellCall(context):
     """
     Function to determine the severity of a shell call.
@@ -168,7 +114,7 @@
     if config and "shell_injection_subprocess" in config:
         functionNames = config["shell_injection_subprocess"]
     else:
-        functionNames = _defaultValues("shell_injection_subprocess")
+        functionNames = SecurityDefaults["shell_injection_subprocess"]
 
     if context.callFunctionNameQual in functionNames:
         shell, shellValue = hasShell(context)
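Review bot: The new import in the first hunk names `Security.SecurityDefaults` as a top-level package although this file itself lives under `.../CodeStyleChecker/Security/Checks/`, so it only resolves when the checker's import root includes the CodeStyleChecker directory, and nothing in this diff shows where that is arranged. If that is the established convention for the Security checks this is fine as is; otherwise a one-line comment beside the import, such as `# resolved against the CodeStyleChecker directory the checker process puts on sys.path`, would save the next reader a search. The removed `_defaultValues` fallback of `[]` for an unknown key has no equivalent in the `SecurityDefaults[...]` lookups that replace it, so a missing key now raises KeyError instead of disabling the check; that is acceptable for constant keys but worth stating in the table's docstring.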
@@ -207,7 +153,7 @@
     if config and "shell_injection_subprocess" in config:
         functionNames = config["shell_injection_subprocess"]
     else:
-        functionNames = _defaultValues("shell_injection_subprocess")
+        functionNames = SecurityDefaults["shell_injection_subprocess"]
 
     if context.callFunctionNameQual in functionNames:
         if not hasShell(context)[0]:
@@ -234,7 +180,7 @@
     if config and "shell_injection_subprocess" in config:
         functionNames = config["shell_injection_subprocess"]
     else:
-        functionNames = _defaultValues("shell_injection_subprocess")
+        functionNames = SecurityDefaults["shell_injection_subprocess"]
 
     if context.callFunctionNameQual not in functionNames:
         shell, shellValue = hasShell(context)
@@ -262,7 +208,7 @@
     if config and "shell_injection_shell" in config:
         functionNames = config["shell_injection_shell"]
     else:
-        functionNames = _defaultValues("shell_injection_shell")
+        functionNames = SecurityDefaults["shell_injection_shell"]
 
     if context.callFunctionNameQual in functionNames:
         if len(context.callArgs) > 0:
@@ -299,7 +245,7 @@
     if config and "shell_injection_noshell" in config:
         functionNames = config["shell_injection_noshell"]
     else:
-        functionNames = _defaultValues("shell_injection_noshell")
+        functionNames = SecurityDefaults["shell_injection_noshell"]
 
     if context.callFunctionNameQual in functionNames:
         reportError(
@@ -325,17 +271,17 @@
     if config and "shell_injection_subprocess" in config:
         functionNames = config["shell_injection_subprocess"]
     else:
-        functionNames = _defaultValues("shell_injection_subprocess")
+        functionNames = SecurityDefaults["shell_injection_subprocess"]
 
     if config and "shell_injection_shell" in config:
         functionNames += config["shell_injection_shell"]
     else:
-        functionNames += _defaultValues("shell_injection_shell")
+        functionNames += SecurityDefaults["shell_injection_shell"]
 
     if config and "shell_injection_noshell" in config:
         functionNames += config["shell_injection_noshell"]
     else:
-        functionNames += _defaultValues("shell_injection_noshell")
+        functionNames += SecurityDefaults["shell_injection_noshell"]
 
     if len(context.callArgs):
         if context.callFunctionNameQual in functionNames:
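Review bot: The two `+=` lines in this hunk now extend, in place, the object fetched from the module-level `SecurityDefaults` table (or, in the config branches, the caller's own config list), whereas the removed `_defaultValues` returned a fresh list on every call; if those default values are lists, as the removed code's were, the first run of this check appends the shell and noshell names to `SecurityDefaults["shell_injection_subprocess"]`, and every later check in this module that reads that key (the hunks at old lines 168, 207 and 234) then matches `os.system`, `os.execv` and friends as if they were subprocess calls, producing wrong findings. Take a copy before accumulating: `functionNames = list(config["shell_injection_subprocess"])` in the first branch and `functionNames = list(SecurityDefaults["shell_injection_subprocess"])` in its `else`, leaving the `+=` lines unchanged. The enclosing check function starts before and ends after this hunk, so the caller's handling of `functionNames` is not visible here.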