Mercurial Repositories > eric / file revision

src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/prohibitedImports.py@6a37b6ac3928

src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/prohibitedImports.py

Tue, 16 Jan 2024 14:18:52 +0100

author
Detlev Offenbach <detlev@die-offenbachs.de>
date
Tue, 16 Jan 2024 14:18:52 +0100
branch
eric7
changeset 10503
6a37b6ac3928
parent 10439
src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/blackListImports.py@21c28b0f9e41
child 10507
d1c6608155ef
permissions
-rw-r--r--

Renamed some modules/variables/settings to get rid (mostly) of inappropriate words.

# -*- coding: utf-8 -*-

# Copyright (c) 2020 - 2024 Detlev Offenbach <detlev@die-offenbachs.de>
#

"""
Module implementing checks for prohibited imports.
"""

#
# This is a modified version of the one found in the bandit package.
#
# Original Copyright 2016 Hewlett-Packard Development Company, L.P.
#
# SPDX-License-Identifier: Apache-2.0
#

_prohibitedImports = {
    "S401": (["telnetlib"], "H"),
    "S402": (["ftplib"], "H"),
    "S403": (["pickle", "cPickle", "dill", "shelve"], "L"),
    "S404": (["subprocess"], "L"),
    "S405": (["xml.etree.cElementTree", "xml.etree.ElementTree"], "L"),
    "S406": (["xml.sax"], "L"),
    "S407": (["xml.dom.expatbuilder"], "L"),
    "S408": (["xml.dom.minidom"], "L"),
    "S409": (["xml.dom.pulldom"], "L"),
    "S410": (["lxml"], "L"),
    "S411": (["xmlrpclib"], "H"),
    "S412": (
        [
            "wsgiref.handlers.CGIHandler",
            "twisted.web.twcgi.CGIScript",
            "twisted.web.twcgi.CGIDirectory",
        ],
        "H",
    ),
    "S413": (
        [
            "Crypto.Cipher",
            "Crypto.Hash",
            "Crypto.IO",
            "Crypto.Protocol",
            "Crypto.PublicKey",
            "Crypto.Random",
            "Crypto.Signature",
            "Crypto.Util",
        ],
        "H",
    ),
    "S414": (["pyghmi"], "H"),
}


def getChecks():
    """
    Public method to get a dictionary with checks handled by this module.

    @return dictionary containing checker lists containing checker function and
        list of codes
    @rtype dict
    """
    return {
        "Import": [
            (checkProhibitedImports, tuple(_prohibitedImports)),
        ],
        "ImportFrom": [
            (checkProhibitedImports, tuple(_prohibitedImports)),
        ],
        "Call": [
            (checkProhibitedImports, tuple(_prohibitedImports)),
        ],
    }


def checkProhibitedImports(reportError, context, config):  # noqa: U100
    """
    Function to check for prohibited imports.

    @param reportError function to be used to report errors
    @type func
    @param context security context object
    @type SecurityContext
    @param config dictionary with configuration data
    @type dict
    """
    nodeType = context.node.__class__.__name__

    if nodeType.startswith("Import"):
        prefix = ""
        if nodeType == "ImportFrom" and context.node.module is not None:
            prefix = context.node.module + "."

        for code in _prohibitedImports:
            qualnames, severity = _prohibitedImports[code]
            for name in context.node.names:
                for qualname in qualnames:
                    if (prefix + name.name).startswith(qualname):
                        reportError(
                            context.node.lineno - 1,
                            context.node.col_offset,
                            code,
                            severity,
                            "H",
                            name.name,
                        )

Mercurial Repository: eric

eric ide

mercurial