src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py

branch
eric7
changeset 11136
437db2f032fd
parent 11124
f475e4e210d2
child 11147
dee6e106b4d3
diff -r 5af56f31c53f -r 437db2f032fd src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py
--- a/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py	Sun Feb 16 11:26:03 2025 +0100
+++ b/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py	Sun Feb 16 12:10:10 2025 +0100
@@ -163,24 +163,11 @@
         " XML attacks. Replace '{0}' with its defusedxml equivalent function"
         " or make sure defusedxml.defuse_stdlib() is called.",
     ),
-    "S320": QCoreApplication.translate(
-        "Security",
-        "Using '{0}' to parse untrusted XML data is known to be vulnerable to"
-        " XML attacks. Replace '{0}' with its defusedxml equivalent"
-        " function.",
-    ),
     "S321": QCoreApplication.translate(
         "Security",
         "FTP-related functions are being called. FTP is considered insecure."
         " Use SSH/SFTP/SCP or some other encrypted protocol.",
     ),
-    "S322": QCoreApplication.translate(
-        "Security",
-        "The input method in Python 2 will read from standard input, evaluate"
-        " and run the resulting string as Python source code. This is"
-        " similar, though in many ways worse, than using eval. On Python 2,"
-        " use raw_input instead, input is safe in Python 3.",
-    ),
     "S323": QCoreApplication.translate(
         "Security",
         "By default, Python will create a secure, verified SSL context for"
@@ -189,7 +176,7 @@
         " reverts to the previous behavior that does not validate"
         " certificates or perform hostname checks.",
     ),
-    # hashlib.new
+    # hashlib functions
     "S331": QCoreApplication.translate(
         "Security", "Use of insecure {0} hash function."
     ),
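Review bot: The S331 message `Use of insecure {0} hash function.` gives the reader no remediation, and the widened comment `# hashlib functions` means it now describes more call forms than `hashlib.new`. The neighbouring S321 and XML entries each name a replacement, so S331 could do the same, for example `"Use of insecure {0} hash function. Use a SHA-2 or SHA-3 family hash where the digest protects integrity or authenticity."`. If the checker honours hashlib's `usedforsecurity=False` argument (not visible in this file), the message could mention it so that non-security uses such as cache keys or checksums have a documented way to pass. Changing the source string means the Security context in the translation files needs a refresh.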
@@ -246,12 +233,6 @@
         " to XML attacks. Replace '{0}' with the equivalent defusedxml"
         " package, or make sure defusedxml.defuse_stdlib() is called.",
     ),
-    "S410": QCoreApplication.translate(
-        "Security",
-        "Using '{0}' to parse untrusted XML data is known to be vulnerable"
-        " to XML attacks. Replace '{0}' with the equivalent defusedxml"
-        " package.",
-    ),
     "S411": QCoreApplication.translate(
         "Security",
         "Using '{0}' to parse untrusted XML data is known to be vulnerable"
@@ -450,7 +431,6 @@
     "S317": ["xml.sax.parse"],
     "S318": ["xml.dom.minidom.parse"],
     "S319": ["xml.dom.pulldom.parse"],
-    "S320": ["lxml.etree.parse"],
     "S331": ["MD5"],
     "S403": ["pickle"],
     "S404": ["subprocess"],
@@ -459,7 +439,6 @@
     "S407": ["xml.dom.expatbuilder"],
     "S408": ["xml.dom.minidom"],
     "S409": ["xml.dom.pulldom"],
-    "S410": ["lxml"],
     "S411": ["xmlrpclib"],
     "S412": ["wsgiref.handlers.CGIHandler"],
     "S413": ["Crypto.Cipher"],
