Mercurial Repositories > eric / file revision

eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityDefaults.py@f904d0eef264

eric6/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityDefaults.py

Wed, 17 Jun 2020 20:18:54 +0200

author
Detlev Offenbach <detlev@die-offenbachs.de>
date
Wed, 17 Jun 2020 20:18:54 +0200
changeset 7628
f904d0eef264
parent 7616
01d646569115
child 7923
91e843545d9a
permissions
-rw-r--r--

Checked the reported security related issue reports generated by the new security checker.

# -*- coding: utf-8 -*-

# Copyright (c) 2020 Detlev Offenbach <detlev@die-offenbachs.de>
#

"""
Module implementing the default values for some check modules.
"""

SecurityDefaults = {
    # generalHardcodedTmp.py
    "hardcoded_tmp_directories": ["/tmp", "/var/tmp", "/dev/shm", "~/tmp"],
    # secok
    
    # insecureHashlibNew.py
    "insecure_hashes": ['md4', 'md5', 'sha', 'sha1'],
    
    # injectionShell.py
    # injectionWildcard.py
    "shell_injection_subprocess": [
        'subprocess.Popen',
        'subprocess.call',
        'subprocess.check_call',
        'subprocess.check_output',
        'subprocess.run'],
    
    # injectionShell.py
    # injectionWildcard.py
    "shell_injection_shell": [
        'os.system',
        'os.popen',
        'os.popen2',
        'os.popen3',
        'os.popen4',
        'popen2.popen2',
        'popen2.popen3',
        'popen2.popen4',
        'popen2.Popen3',
        'popen2.Popen4',
        'commands.getoutput',
        'commands.getstatusoutput'],
    
    # injectionShell.py
    "shell_injection_noshell": [
        'os.execl',
        'os.execle',
        'os.execlp',
        'os.execlpe',
        'os.execv',
        'os.execve',
        'os.execvp',
        'os.execvpe',
        'os.spawnl',
        'os.spawnle',
        'os.spawnlp',
        'os.spawnlpe',
        'os.spawnv',
        'os.spawnve',
        'os.spawnvp',
        'os.spawnvpe',
        'os.startfile'],
    
    # insecureSslTls.py
    "insecure_ssl_protocol_versions": [
        'PROTOCOL_SSLv2',
        'SSLv2_METHOD',
        'SSLv23_METHOD',
        'PROTOCOL_SSLv3',
        'PROTOCOL_TLSv1',
        'SSLv3_METHOD',
        'TLSv1_METHOD'],
    
    # tryExcept.py
    "check_typed_exception": False,
    
    # weakCryptographicKey.py
    "weak_key_size_dsa_high": 1024,
    "weak_key_size_dsa_medium": 2048,
    "weak_key_size_rsa_high": 1024,
    "weak_key_size_rsa_medium": 2048,
    "weak_key_size_ec_high": 160,
    "weak_key_size_ec_medium": 224,

}

Mercurial Repository: eric

eric ide

mercurial