Mercurial Repositories > eric / file revision
eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityNodeVisitor.py@382f89c11e27
eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityNodeVisitor.py
Mon, 08 Jun 2020 20:08:27 +0200
- author
- Detlev Offenbach <detlev@die-offenbachs.de>
- date
- Mon, 08 Jun 2020 20:08:27 +0200
- changeset 7613
- 382f89c11e27
- parent 7612
- ca1ce1e0fcff
- child 7651
- ca87b7490449
- permissions
- -rw-r--r--
Code Style Checker: continued to implement checker for security related issues.
# -*- coding: utf-8 -*- # Copyright (c) 2020 Detlev Offenbach <detlev@die-offenbachs.de> # """ Module implementing an AST node visitor for security checks. """ import ast from . import SecurityUtils from .SecurityContext import SecurityContext class SecurityNodeVisitor(object): """ Class implementing an AST node visitor for security checks. """ def __init__(self, checker, secCheckers, filename): """ Constructor @param checker reference to the main security checker object @type SecurityChecker @param secCheckers dictionary containing the available checker routines @type dict @param filename name of the checked file @type str """ self.__checker = checker self.__securityCheckers = secCheckers self.seen = 0 self.depth = 0 self.filename = filename self.imports = set() self.import_aliases = {} # in some cases we can't determine a qualified name try: self.namespace = SecurityUtils.getModuleQualnameFromPath(filename) except SecurityUtils.InvalidModulePath: self.namespace = "" def __runChecks(self, checkType): """ Private method to run all enabled checks for a given check type. @param checkType type of checks to be run @type str """ if checkType in self.__securityCheckers: for check in self.__securityCheckers[checkType]: check(self.__checker.reportError, SecurityContext(self.__context), self.__checker.getConfig()) def visit_ClassDef(self, node): """ Public method defining a visitor for AST ClassDef nodes. Add class name to current namespace for all descendants. @param node reference to the node being inspected @type ast.ClassDef """ # For all child nodes, add this class name to current namespace self.namespace = SecurityUtils.namespacePathJoin( self.namespace, node.name) def visit_FunctionDef(self, node): """ Public method defining a visitor for AST FunctionDef nodes. Add relevant information about the node to the context for use in tests which inspect function definitions. Add the function name to the current namespace for all descendants. @param node reference to the node being inspected @type ast.FunctionDef """ self.__context['function'] = node qualname = SecurityUtils.namespacePathJoin(self.namespace, node.name) name = qualname.split('.')[-1] self.__context['qualname'] = qualname self.__context['name'] = name # For all child nodes and any tests run, add this function name to # current namespace self.namespace = SecurityUtils.namespacePathJoin( self.namespace, node.name) self.__runChecks("FunctionDef") def visit_Call(self, node): """ Public method defining a visitor for AST Call nodes. Add relevant information about the node to the context for use in tests which inspect function calls. @param node reference to the node being inspected @type ast.Call """ self.__context['call'] = node qualname = SecurityUtils.getCallName(node, self.import_aliases) name = qualname.split('.')[-1] self.__context['qualname'] = qualname self.__context['name'] = name self.__runChecks("Call") def visit_Import(self, node): """ Public method defining a visitor for AST Import nodes. @param node reference to the node being inspected @type ast.Import """ for nodename in node.names: if nodename.asname: self.import_aliases[nodename.asname] = nodename.name self.imports.add(nodename.name) self.__context['module'] = nodename.name self.__runChecks("Import") def visit_ImportFrom(self, node): """ Public method defining a visitor for AST Import nodes. This adds relevant information about the node to the context for use in tests which inspect imports. @param node reference to the node being inspected @type ast.ImportFrom """ module = node.module if module is None: self.visit_Import(node) return for nodename in node.names: if nodename.asname: self.import_aliases[nodename.asname] = ( module + "." + nodename.name ) else: # Even if import is not aliased we need an entry that maps # name to module.name. For example, with 'from a import b' # b should be aliased to the qualified name a.b self.import_aliases[nodename.name] = ( module + '.' + nodename.name) self.imports.add(module + "." + nodename.name) self.__context['module'] = module self.__context['name'] = nodename.name self.__runChecks("ImportFrom") def visit_Constant(self, node): """ Public method defining a visitor for Constant nodes. This calls the appropriate method for the node type. It maintains compatibility with <3.6 and 3.8+ @param node reference to the node being inspected @type ast.Constant """ if isinstance(node.value, str): self.visit_Str(node) elif isinstance(node.value, bytes): self.visit_Bytes(node) def visit_Str(self, node): """ Public method defining a visitor for String nodes. This adds relevant information about node to the context for use in tests which inspect strings. @param node reference to the node being inspected @type ast.Str """ self.__context['str'] = node.s if not isinstance(node._securityParent, ast.Expr): # docstring self.__context['linerange'] = SecurityUtils.linerange_fix( node._securityParent ) self.__runChecks("Str") def visit_Bytes(self, node): """ Public method defining a visitor for Bytes nodes. This adds relevant information about node to the context for use in tests which inspect strings. @param node reference to the node being inspected @type ast.Bytes """ self.__context['bytes'] = node.s if not isinstance(node._securityParent, ast.Expr): # docstring self.__context['linerange'] = SecurityUtils.linerange_fix( node._securityParent ) self.__runChecks("Bytes") def __preVisit(self, node): """ Private method to set up a context for the visit method. @param node node to base the context on @type ast.AST @return flag indicating to visit the node @rtype bool """ self.__context = {} self.__context['imports'] = self.imports self.__context['import_aliases'] = self.import_aliases if hasattr(node, 'lineno'): self.__context['lineno'] = node.lineno ## ## if node.lineno in self.nosec_lines: ## LOG.debug("skipped, nosec") ## self.metrics.note_nosec() ## return False self.__context['node'] = node self.__context['linerange'] = SecurityUtils.linerange_fix(node) self.__context['filename'] = self.filename self.seen += 1 self.depth += 1 return True def visit(self, node): """ Public method to inspected an AST node. @param node AST node to be inspected @type ast.AST """ name = node.__class__.__name__ method = 'visit_' + name visitor = getattr(self, method, None) if visitor is not None: visitor(node) else: self.__runChecks(name) def __postVisit(self, node): """ Private method to clean up after a node was visited. @param node AST node that was visited @type ast.AST """ self.depth -= 1 # Clean up post-recursion stuff that gets setup in the visit methods # for these node types. if isinstance(node, (ast.FunctionDef, ast.ClassDef)): self.namespace = SecurityUtils.namespacePathSplit( self.namespace)[0] def generic_visit(self, node): """ Public method to drive the node visitor. @param node node to be inspected @type ast.AST """ for _, value in ast.iter_fields(node): if isinstance(value, list): maxIndex = len(value) - 1 for index, item in enumerate(value): if isinstance(item, ast.AST): if index < maxIndex: item._securitySibling = value[index + 1] else: item._securitySibling = None item._securityParent = node if self.__preVisit(item): self.visit(item) self.generic_visit(item) self.__postVisit(item) elif isinstance(value, ast.AST): value._securitySibling = None value._securityParent = node if self.__preVisit(value): self.visit(value) self.generic_visit(value) self.__postVisit(value)
