Thu, 07 Jul 2022 11:23:56 +0200
Reorganized the project structure to use the source layout in order to support up-to-date build systems with "pyproject.toml".
<!DOCTYPE html> <html><head> <title>eric7.Plugins.CheckerPlugins.CodeStyleChecker.Security.Checks.djangoXssVulnerability</title> <meta charset="UTF-8"> <link rel="stylesheet" href="styles.css"> </head> <body> <a NAME="top" ID="top"></a> <h1>eric7.Plugins.CheckerPlugins.CodeStyleChecker.Security.Checks.djangoXssVulnerability</h1> <p> Module implementing checks for potential XSS vulnerability. </p> <h3>Global Attributes</h3> <table> <tr><td>None</td></tr> </table> <h3>Classes</h3> <table> <tr> <td><a href="#DeepAssignation">DeepAssignation</a></td> <td>Class to perform a deep analysis of an assign.</td> </tr> </table> <h3>Functions</h3> <table> <tr> <td><a href="#checkDjangoXssVulnerability">checkDjangoXssVulnerability</a></td> <td>Function to check for potential XSS vulnerability.</td> </tr> <tr> <td><a href="#checkPotentialRisk">checkPotentialRisk</a></td> <td>Function to check a given node for a potential XSS vulnerability.</td> </tr> <tr> <td><a href="#evaluateCall">evaluateCall</a></td> <td>Function to evaluate a call node for potential XSS vulnerability.</td> </tr> <tr> <td><a href="#evaluateVar">evaluateVar</a></td> <td>Function to evaluate a variable node for potential XSS vulnerability.</td> </tr> <tr> <td><a href="#getChecks">getChecks</a></td> <td>Public method to get a dictionary with checks handled by this module.</td> </tr> <tr> <td><a href="#transform2call">transform2call</a></td> <td>Function to transform a variable node to a call node.</td> </tr> </table> <hr /> <hr /> <a NAME="DeepAssignation" ID="DeepAssignation"></a> <h2>DeepAssignation</h2> <p> Class to perform a deep analysis of an assign. 
</p> <h3>Derived from</h3> None <h3>Class Attributes</h3> <table> <tr><td>None</td></tr> </table> <h3>Class Methods</h3> <table> <tr><td>None</td></tr> </table> <h3>Methods</h3> <table> <tr> <td><a href="#DeepAssignation.__init__">DeepAssignation</a></td> <td>Constructor</td> </tr> <tr> <td><a href="#DeepAssignation.isAssigned">isAssigned</a></td> <td>Public method to check assignment against a given node.</td> </tr> <tr> <td><a href="#DeepAssignation.isAssignedIn">isAssignedIn</a></td> <td>Public method to check if the variable is assigned to.</td> </tr> </table> <h3>Static Methods</h3> <table> <tr><td>None</td></tr> </table> <a NAME="DeepAssignation.__init__" ID="DeepAssignation.__init__"></a> <h4>DeepAssignation (Constructor)</h4> <b>DeepAssignation</b>(<i>varName, ignoreNodes=None</i>) <p> Constructor </p> <dl> <dt><i>varName</i> (str)</dt> <dd> name of the variable </dd> <dt><i>ignoreNodes</i> (list of ast.AST)</dt> <dd> list of nodes to ignore </dd> </dl> <a NAME="DeepAssignation.isAssigned" ID="DeepAssignation.isAssigned"></a> <h4>DeepAssignation.isAssigned</h4> <b>isAssigned</b>(<i>node</i>) <p> Public method to check assignment against a given node. </p> <dl> <dt><i>node</i> (ast.AST)</dt> <dd> node to check against </dd> </dl> <dl> <dt>Return:</dt> <dd> flag indicating an assignment </dd> </dl> <dl> <dt>Return Type:</dt> <dd> bool </dd> </dl> <a NAME="DeepAssignation.isAssignedIn" ID="DeepAssignation.isAssignedIn"></a> <h4>DeepAssignation.isAssignedIn</h4> <b>isAssignedIn</b>(<i>items</i>) <p> Public method to check if the variable is assigned to. 
</p> <dl> <dt><i>items</i> (list of ast.AST)</dt> <dd> list of nodes to check against </dd> </dl> <dl> <dt>Return:</dt> <dd> list of nodes assigned </dd> </dl> <dl> <dt>Return Type:</dt> <dd> list of ast.AST </dd> </dl> <div align="right"><a href="#top">Up</a></div> <hr /> <hr /> <a NAME="checkDjangoXssVulnerability" ID="checkDjangoXssVulnerability"></a> <h2>checkDjangoXssVulnerability</h2> <b>checkDjangoXssVulnerability</b>(<i>reportError, context, config</i>) <p> Function to check for potential XSS vulnerability. </p> <dl> <dt><i>reportError</i> (func)</dt> <dd> function to be used to report errors </dd> <dt><i>context</i> (SecurityContext)</dt> <dd> security context object </dd> <dt><i>config</i> (dict)</dt> <dd> dictionary with configuration data </dd> </dl> <div align="right"><a href="#top">Up</a></div> <hr /> <hr /> <a NAME="checkPotentialRisk" ID="checkPotentialRisk"></a> <h2>checkPotentialRisk</h2> <b>checkPotentialRisk</b>(<i>reportError, node</i>) <p> Function to check a given node for a potential XSS vulnerability. </p> <dl> <dt><i>reportError</i> (func)</dt> <dd> function to be used to report errors </dd> <dt><i>node</i> (ast.Call)</dt> <dd> node to be checked </dd> </dl> <div align="right"><a href="#top">Up</a></div> <hr /> <hr /> <a NAME="evaluateCall" ID="evaluateCall"></a> <h2>evaluateCall</h2> <b>evaluateCall</b>(<i>call, parent, ignoreNodes=None</i>) <p> Function to evaluate a call node for potential XSS vulnerability. 
</p> <dl> <dt><i>call</i> (ast.Call)</dt> <dd> call node to be checked </dd> <dt><i>parent</i> (ast.AST)</dt> <dd> parent node </dd> <dt><i>ignoreNodes</i> (list of ast.AST)</dt> <dd> list of nodes to ignore </dd> </dl> <dl> <dt>Return:</dt> <dd> flag indicating a secure evaluation </dd> </dl> <dl> <dt>Return Type:</dt> <dd> bool </dd> </dl> <div align="right"><a href="#top">Up</a></div> <hr /> <hr /> <a NAME="evaluateVar" ID="evaluateVar"></a> <h2>evaluateVar</h2> <b>evaluateVar</b>(<i>xssVar, parent, until, ignoreNodes=None</i>) <p> Function to evaluate a variable node for potential XSS vulnerability. </p> <dl> <dt><i>xssVar</i> (ast.Name)</dt> <dd> variable node to be checked </dd> <dt><i>parent</i> (ast.AST)</dt> <dd> parent node </dd> <dt><i>until</i> (int)</dt> <dd> end line number to evaluate variable against </dd> <dt><i>ignoreNodes</i> (list of ast.AST)</dt> <dd> list of nodes to ignore </dd> </dl> <dl> <dt>Return:</dt> <dd> flag indicating a secure evaluation </dd> </dl> <dl> <dt>Return Type:</dt> <dd> bool </dd> </dl> <div align="right"><a href="#top">Up</a></div> <hr /> <hr /> <a NAME="getChecks" ID="getChecks"></a> <h2>getChecks</h2> <b>getChecks</b>(<i></i>) <p> Public method to get a dictionary with checks handled by this module. </p> <dl> <dt>Return:</dt> <dd> dictionary containing checker lists containing checker function and list of codes </dd> </dl> <dl> <dt>Return Type:</dt> <dd> dict </dd> </dl> <div align="right"><a href="#top">Up</a></div> <hr /> <hr /> <a NAME="transform2call" ID="transform2call"></a> <h2>transform2call</h2> <b>transform2call</b>(<i>var</i>) <p> Function to transform a variable node to a call node. </p> <dl> <dt><i>var</i> (ast.BinOp)</dt> <dd> variable node </dd> </dl> <dl> <dt>Return:</dt> <dd> call node </dd> </dl> <dl> <dt>Return Type:</dt> <dd> ast.Call </dd> </dl> <div align="right"><a href="#top">Up</a></div> <hr /> </body></html>