diff -r 3fc8dfeb6ebe -r b99e7fd55fd3 src/eric7/Documentation/Source/eric7.Plugins.CheckerPlugins.CodeStyleChecker.Security.Checks.djangoXssVulnerability.html
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/eric7/Documentation/Source/eric7.Plugins.CheckerPlugins.CodeStyleChecker.Security.Checks.djangoXssVulnerability.html Thu Jul 07 11:23:56 2022 +0200
@@ -0,0 +1,348 @@ +<!DOCTYPE html> +<html><head> +<title>eric7.Plugins.CheckerPlugins.CodeStyleChecker.Security.Checks.djangoXssVulnerability</title> +<meta charset="UTF-8"> +<link rel="stylesheet" href="styles.css"> +</head> +<body> +<a NAME="top" ID="top"></a> +<h1>eric7.Plugins.CheckerPlugins.CodeStyleChecker.Security.Checks.djangoXssVulnerability</h1> + +<p> +Module implementing checks for potential XSS vulnerability. +</p> +<h3>Global Attributes</h3> + +<table> +<tr><td>None</td></tr> +</table> +<h3>Classes</h3> + +<table> + +<tr> +<td><a href="#DeepAssignation">DeepAssignation</a></td> +<td>Class to perform a deep analysis of an assign.</td> +</tr> +</table> +<h3>Functions</h3> + +<table> + +<tr> +<td><a href="#checkDjangoXssVulnerability">checkDjangoXssVulnerability</a></td> +<td>Function to check for potential XSS vulnerability.</td> +</tr> +<tr> +<td><a href="#checkPotentialRisk">checkPotentialRisk</a></td> +<td>Function to check a given node for a potential XSS vulnerability.</td> +</tr> +<tr> +<td><a href="#evaluateCall">evaluateCall</a></td> +<td>Function to evaluate a call node for potential XSS vulnerability.</td> +</tr> +<tr> +<td><a href="#evaluateVar">evaluateVar</a></td> +<td>Function to evaluate a variable node for potential XSS vulnerability.</td> +</tr> +<tr> +<td><a href="#getChecks">getChecks</a></td> +<td>Public method to get a dictionary with checks handled by this module.</td> +</tr> +<tr> +<td><a href="#transform2call">transform2call</a></td> +<td>Function to transform a variable node to a call node.</td> +</tr> +</table> +<hr /> +<hr /> +<a NAME="DeepAssignation" ID="DeepAssignation"></a> +<h2>DeepAssignation</h2> + +<p> + Class to perform a deep analysis of an assign. 
+</p> +<h3>Derived from</h3> +None +<h3>Class Attributes</h3> + +<table> +<tr><td>None</td></tr> +</table> +<h3>Class Methods</h3> + +<table> +<tr><td>None</td></tr> +</table> +<h3>Methods</h3> + +<table> + +<tr> +<td><a href="#DeepAssignation.__init__">DeepAssignation</a></td> +<td>Constructor</td> +</tr> +<tr> +<td><a href="#DeepAssignation.isAssigned">isAssigned</a></td> +<td>Public method to check assignment against a given node.</td> +</tr> +<tr> +<td><a href="#DeepAssignation.isAssignedIn">isAssignedIn</a></td> +<td>Public method to check, if the variable is assigned to.</td> +</tr> +</table> +<h3>Static Methods</h3> + +<table> +<tr><td>None</td></tr> +</table> + +<a NAME="DeepAssignation.__init__" ID="DeepAssignation.__init__"></a> +<h4>DeepAssignation (Constructor)</h4> +<b>DeepAssignation</b>(<i>varName, ignoreNodes=None</i>) + +<p> + Constructor +</p> +<dl> + +<dt><i>varName</i> (str)</dt> +<dd> +name of the variable +</dd> +<dt><i>ignoreNodes</i> (list of ast.AST)</dt> +<dd> +list of nodes to ignore +</dd> +</dl> +<a NAME="DeepAssignation.isAssigned" ID="DeepAssignation.isAssigned"></a> +<h4>DeepAssignation.isAssigned</h4> +<b>isAssigned</b>(<i>node</i>) + +<p> + Public method to check assignment against a given node. +</p> +<dl> + +<dt><i>node</i> (ast.AST)</dt> +<dd> +node to check against +</dd> +</dl> +<dl> +<dt>Return:</dt> +<dd> +flag indicating an assignement +</dd> +</dl> +<dl> +<dt>Return Type:</dt> +<dd> +bool +</dd> +</dl> +<a NAME="DeepAssignation.isAssignedIn" ID="DeepAssignation.isAssignedIn"></a> +<h4>DeepAssignation.isAssignedIn</h4> +<b>isAssignedIn</b>(<i>items</i>) + +<p> + Public method to check, if the variable is assigned to. 
+</p> +<dl> + +<dt><i>items</i> (list of ast.AST)</dt> +<dd> +list of nodes to check against +</dd> +</dl> +<dl> +<dt>Return:</dt> +<dd> +list of nodes assigned +</dd> +</dl> +<dl> +<dt>Return Type:</dt> +<dd> +list of ast.AST +</dd> +</dl> +<div align="right"><a href="#top">Up</a></div> +<hr /> +<hr /> +<a NAME="checkDjangoXssVulnerability" ID="checkDjangoXssVulnerability"></a> +<h2>checkDjangoXssVulnerability</h2> +<b>checkDjangoXssVulnerability</b>(<i>reportError, context, config</i>) + +<p> + Function to check for potential XSS vulnerability. +</p> +<dl> + +<dt><i>reportError</i> (func)</dt> +<dd> +function to be used to report errors +</dd> +<dt><i>context</i> (SecurityContext)</dt> +<dd> +security context object +</dd> +<dt><i>config</i> (dict)</dt> +<dd> +dictionary with configuration data +</dd> +</dl> +<div align="right"><a href="#top">Up</a></div> +<hr /> +<hr /> +<a NAME="checkPotentialRisk" ID="checkPotentialRisk"></a> +<h2>checkPotentialRisk</h2> +<b>checkPotentialRisk</b>(<i>reportError, node</i>) + +<p> + Function to check a given node for a potential XSS vulnerability. +</p> +<dl> + +<dt><i>reportError</i> (func)</dt> +<dd> +function to be used to report errors +</dd> +<dt><i>node</i> (ast.Call)</dt> +<dd> +node to be checked +</dd> +</dl> +<div align="right"><a href="#top">Up</a></div> +<hr /> +<hr /> +<a NAME="evaluateCall" ID="evaluateCall"></a> +<h2>evaluateCall</h2> +<b>evaluateCall</b>(<i>call, parent, ignoreNodes=None</i>) + +<p> + Function to evaluate a call node for potential XSS vulnerability. 
+</p> +<dl> + +<dt><i>call</i> (ast.Call)</dt> +<dd> +call node to be checked +</dd> +<dt><i>parent</i> (ast.AST)</dt> +<dd> +parent node +</dd> +<dt><i>ignoreNodes</i> (list of ast.AST)</dt> +<dd> +list of nodes to ignore +</dd> +</dl> +<dl> +<dt>Return:</dt> +<dd> +flag indicating a secure evaluation +</dd> +</dl> +<dl> +<dt>Return Type:</dt> +<dd> +bool +</dd> +</dl> +<div align="right"><a href="#top">Up</a></div> +<hr /> +<hr /> +<a NAME="evaluateVar" ID="evaluateVar"></a> +<h2>evaluateVar</h2> +<b>evaluateVar</b>(<i>xssVar, parent, until, ignoreNodes=None</i>) + +<p> + Function to evaluate a variable node for potential XSS vulnerability. +</p> +<dl> + +<dt><i>xssVar</i> (ast.Name)</dt> +<dd> +variable node to be checked +</dd> +<dt><i>parent</i> (ast.AST)</dt> +<dd> +parent node +</dd> +<dt><i>until</i> (int)</dt> +<dd> +end line number to evaluate variable against +</dd> +<dt><i>ignoreNodes</i> (list of ast.AST)</dt> +<dd> +list of nodes to ignore +</dd> +</dl> +<dl> +<dt>Return:</dt> +<dd> +flag indicating a secure evaluation +</dd> +</dl> +<dl> +<dt>Return Type:</dt> +<dd> +bool +</dd> +</dl> +<div align="right"><a href="#top">Up</a></div> +<hr /> +<hr /> +<a NAME="getChecks" ID="getChecks"></a> +<h2>getChecks</h2> +<b>getChecks</b>(<i></i>) + +<p> + Public method to get a dictionary with checks handled by this module. +</p> +<dl> +<dt>Return:</dt> +<dd> +dictionary containing checker lists containing checker function and + list of codes +</dd> +</dl> +<dl> +<dt>Return Type:</dt> +<dd> +dict +</dd> +</dl> +<div align="right"><a href="#top">Up</a></div> +<hr /> +<hr /> +<a NAME="transform2call" ID="transform2call"></a> +<h2>transform2call</h2> +<b>transform2call</b>(<i>var</i>) + +<p> + Function to transform a variable node to a call node. 
+</p> +<dl> + +<dt><i>var</i> (ast.BinOp)</dt> +<dd> +variable node +</dd> +</dl> +<dl> +<dt>Return:</dt> +<dd> +call node +</dd> +</dl> +<dl> +<dt>Return Type:</dt> +<dd> +ast.Call +</dd> +</dl> +<div align="right"><a href="#top">Up</a></div> +<hr /> +</body></html> \ No newline at end of file