Mercurial Repositories > eric / file revision
eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/insecureHashlibNew.py@2bbec88047dd
eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/insecureHashlibNew.py
Wed, 21 Apr 2021 19:40:50 +0200
- author
- Detlev Offenbach <detlev@die-offenbachs.de>
- date
- Wed, 21 Apr 2021 19:40:50 +0200
- changeset 8259
- 2bbec88047dd
- parent 7923
- 91e843545d9a
- permissions
- -rw-r--r--
Applied some more code simplifications suggested by the new Simplify checker (Y108: use ternary operator).
# -*- coding: utf-8 -*- # Copyright (c) 2020 - 2021 Detlev Offenbach <detlev@die-offenbachs.de> # """ Module implementing a check for use of insecure md4, md5, or sha1 hash functions in hashlib.new(). """ # # This is a modified version of the one found in the bandit package. # # Original Copyright 2014 Hewlett-Packard Development Company, L.P. # # SPDX-License-Identifier: Apache-2.0 # from Security.SecurityDefaults import SecurityDefaults def getChecks(): """ Public method to get a dictionary with checks handled by this module. @return dictionary containing checker lists containing checker function and list of codes @rtype dict """ return { "Call": [ (checkHashlibNew, ("S331",)), ], } def checkHashlibNew(reportError, context, config): """ Function to check for use of insecure md4, md5, or sha1 hash functions in hashlib.new(). @param reportError function to be used to report errors @type func @param context security context object @type SecurityContext @param config dictionary with configuration data @type dict """ insecureHashes = ( [h.lower() for h in config["insecure_hashes"]] if config and "insecure_hashes" in config else SecurityDefaults["insecure_hashes"] ) if isinstance(context.callFunctionNameQual, str): qualnameList = context.callFunctionNameQual.split('.') func = qualnameList[-1] if 'hashlib' in qualnameList and func == 'new': args = context.callArgs keywords = context.callKeywords name = args[0] if args else keywords['name'] if ( isinstance(name, str) and name.lower() in insecureHashes ): reportError( context.node.lineno - 1, context.node.col_offset, "S331", "M", "H", name.upper() )
