eric7/Documentation/Source/eric7.Plugins.CheckerPlugins.CodeStyleChecker.Security.Checks.djangoXssVulnerability.html

branch
eric7
changeset 8372
e0227a7c850e
child 8596
d64760b2da50
diff -r d6062691d424 -r e0227a7c850e eric7/Documentation/Source/eric7.Plugins.CheckerPlugins.CodeStyleChecker.Security.Checks.djangoXssVulnerability.html
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/eric7/Documentation/Source/eric7.Plugins.CheckerPlugins.CodeStyleChecker.Security.Checks.djangoXssVulnerability.html	Mon May 24 11:19:57 2021 +0200
@@ -0,0 +1,362 @@
+<!DOCTYPE html>
+<html><head>
+<title>eric7.Plugins.CheckerPlugins.CodeStyleChecker.Security.Checks.djangoXssVulnerability</title>
+<meta charset="UTF-8">
+<style>
+body {
+    background: #EDECE6;
+    margin: 0em 1em 10em 1em;
+    color: black;
+}
+
+h1 { color: white; background: #85774A; }
+h2 { color: white; background: #85774A; }
+h3 { color: white; background: #9D936E; }
+h4 { color: white; background: #9D936E; }
+    
+a { color: #BA6D36; }
+
+</style>
+</head>
+<body>
+<a NAME="top" ID="top"></a>
+<h1>eric7.Plugins.CheckerPlugins.CodeStyleChecker.Security.Checks.djangoXssVulnerability</h1>
+
+<p>
+Module implementing checks for potential XSS vulnerability.
+</p>
+<h3>Global Attributes</h3>
+
+<table>
+<tr><td>None</td></tr>
+</table>
+<h3>Classes</h3>
+
+<table>
+
+<tr>
+<td><a href="#DeepAssignation">DeepAssignation</a></td>
+<td>Class to perform a deep analysis of an assign.</td>
+</tr>
+</table>
+<h3>Functions</h3>
+
+<table>
+
+<tr>
+<td><a href="#checkDjangoXssVulnerability">checkDjangoXssVulnerability</a></td>
+<td>Function to check for potential XSS vulnerability.</td>
+</tr>
+<tr>
+<td><a href="#checkPotentialRisk">checkPotentialRisk</a></td>
+<td>Function to check a given node for a potential XSS vulnerability.</td>
+</tr>
+<tr>
+<td><a href="#evaluateCall">evaluateCall</a></td>
+<td>Function to evaluate a call node for potential XSS vulnerability.</td>
+</tr>
+<tr>
+<td><a href="#evaluateVar">evaluateVar</a></td>
+<td>Function to evaluate a variable node for potential XSS vulnerability.</td>
+</tr>
+<tr>
+<td><a href="#getChecks">getChecks</a></td>
+<td>Public method to get a dictionary with checks handled by this module.</td>
+</tr>
+<tr>
+<td><a href="#transform2call">transform2call</a></td>
+<td>Function to transform a variable node to a call node.</td>
+</tr>
+</table>
+<hr />
+<hr />
+<a NAME="DeepAssignation" ID="DeepAssignation"></a>
+<h2>DeepAssignation</h2>
+
+<p>
+    Class to perform a deep analysis of an assign.
+</p>
+<h3>Derived from</h3>
+None
+<h3>Class Attributes</h3>
+
+<table>
+<tr><td>None</td></tr>
+</table>
+<h3>Class Methods</h3>
+
+<table>
+<tr><td>None</td></tr>
+</table>
+<h3>Methods</h3>
+
+<table>
+
+<tr>
+<td><a href="#DeepAssignation.__init__">DeepAssignation</a></td>
+<td>Constructor</td>
+</tr>
+<tr>
+<td><a href="#DeepAssignation.isAssigned">isAssigned</a></td>
+<td>Public method to check assignment against a given node.</td>
+</tr>
+<tr>
+<td><a href="#DeepAssignation.isAssignedIn">isAssignedIn</a></td>
+<td>Public method to check, if the variable is assigned to.</td>
+</tr>
+</table>
+<h3>Static Methods</h3>
+
+<table>
+<tr><td>None</td></tr>
+</table>
+
+<a NAME="DeepAssignation.__init__" ID="DeepAssignation.__init__"></a>
+<h4>DeepAssignation (Constructor)</h4>
+<b>DeepAssignation</b>(<i>varName, ignoreNodes=None</i>)
+
+<p>
+        Constructor
+</p>
+<dl>
+
+<dt><i>varName</i> (str)</dt>
+<dd>
+name of the variable
+</dd>
+<dt><i>ignoreNodes</i> (list of ast.AST)</dt>
+<dd>
+list of nodes to ignore
+</dd>
+</dl>
+<a NAME="DeepAssignation.isAssigned" ID="DeepAssignation.isAssigned"></a>
+<h4>DeepAssignation.isAssigned</h4>
+<b>isAssigned</b>(<i>node</i>)
+
+<p>
+        Public method to check assignment against a given node.
+</p>
+<dl>
+
+<dt><i>node</i> (ast.AST)</dt>
+<dd>
+node to check against
+</dd>
+</dl>
+<dl>
+<dt>Return:</dt>
+<dd>
+flag indicating an assignement
+</dd>
+</dl>
+<dl>
+<dt>Return Type:</dt>
+<dd>
+bool
+</dd>
+</dl>
+<a NAME="DeepAssignation.isAssignedIn" ID="DeepAssignation.isAssignedIn"></a>
+<h4>DeepAssignation.isAssignedIn</h4>
+<b>isAssignedIn</b>(<i>items</i>)
+
+<p>
+        Public method to check, if the variable is assigned to.
+</p>
+<dl>
+
+<dt><i>items</i> (list of ast.AST)</dt>
+<dd>
+list of nodes to check against
+</dd>
+</dl>
+<dl>
+<dt>Return:</dt>
+<dd>
+list of nodes assigned
+</dd>
+</dl>
+<dl>
+<dt>Return Type:</dt>
+<dd>
+list of ast.AST
+</dd>
+</dl>
+<div align="right"><a href="#top">Up</a></div>
+<hr />
+<hr />
+<a NAME="checkDjangoXssVulnerability" ID="checkDjangoXssVulnerability"></a>
+<h2>checkDjangoXssVulnerability</h2>
+<b>checkDjangoXssVulnerability</b>(<i>reportError, context, config</i>)
+
+<p>
+    Function to check for potential XSS vulnerability.
+</p>
+<dl>
+
+<dt><i>reportError</i> (func)</dt>
+<dd>
+function to be used to report errors
+</dd>
+<dt><i>context</i> (SecurityContext)</dt>
+<dd>
+security context object
+</dd>
+<dt><i>config</i> (dict)</dt>
+<dd>
+dictionary with configuration data
+</dd>
+</dl>
+<div align="right"><a href="#top">Up</a></div>
+<hr />
+<hr />
+<a NAME="checkPotentialRisk" ID="checkPotentialRisk"></a>
+<h2>checkPotentialRisk</h2>
+<b>checkPotentialRisk</b>(<i>reportError, node</i>)
+
+<p>
+    Function to check a given node for a potential XSS vulnerability.
+</p>
+<dl>
+
+<dt><i>reportError</i> (func)</dt>
+<dd>
+function to be used to report errors
+</dd>
+<dt><i>node</i> (ast.Call)</dt>
+<dd>
+node to be checked
+</dd>
+</dl>
+<div align="right"><a href="#top">Up</a></div>
+<hr />
+<hr />
+<a NAME="evaluateCall" ID="evaluateCall"></a>
+<h2>evaluateCall</h2>
+<b>evaluateCall</b>(<i>call, parent, ignoreNodes=None</i>)
+
+<p>
+    Function to evaluate a call node for potential XSS vulnerability.
+</p>
+<dl>
+
+<dt><i>call</i> (ast.Call)</dt>
+<dd>
+call node to be checked
+</dd>
+<dt><i>parent</i> (ast.AST)</dt>
+<dd>
+parent node
+</dd>
+<dt><i>ignoreNodes</i> (list of ast.AST)</dt>
+<dd>
+list of nodes to ignore
+</dd>
+</dl>
+<dl>
+<dt>Return:</dt>
+<dd>
+flag indicating a secure evaluation
+</dd>
+</dl>
+<dl>
+<dt>Return Type:</dt>
+<dd>
+bool
+</dd>
+</dl>
+<div align="right"><a href="#top">Up</a></div>
+<hr />
+<hr />
+<a NAME="evaluateVar" ID="evaluateVar"></a>
+<h2>evaluateVar</h2>
+<b>evaluateVar</b>(<i>xssVar, parent, until, ignoreNodes=None</i>)
+
+<p>
+    Function to evaluate a variable node for potential XSS vulnerability.
+</p>
+<dl>
+
+<dt><i>xssVar</i> (ast.Name)</dt>
+<dd>
+variable node to be checked
+</dd>
+<dt><i>parent</i> (ast.AST)</dt>
+<dd>
+parent node
+</dd>
+<dt><i>until</i> (int)</dt>
+<dd>
+end line number to evaluate variable against
+</dd>
+<dt><i>ignoreNodes</i> (list of ast.AST)</dt>
+<dd>
+list of nodes to ignore
+</dd>
+</dl>
+<dl>
+<dt>Return:</dt>
+<dd>
+flag indicating a secure evaluation
+</dd>
+</dl>
+<dl>
+<dt>Return Type:</dt>
+<dd>
+bool
+</dd>
+</dl>
+<div align="right"><a href="#top">Up</a></div>
+<hr />
+<hr />
+<a NAME="getChecks" ID="getChecks"></a>
+<h2>getChecks</h2>
+<b>getChecks</b>(<i></i>)
+
+<p>
+    Public method to get a dictionary with checks handled by this module.
+</p>
+<dl>
+<dt>Return:</dt>
+<dd>
+dictionary containing checker lists containing checker function and
+        list of codes
+</dd>
+</dl>
+<dl>
+<dt>Return Type:</dt>
+<dd>
+dict
+</dd>
+</dl>
+<div align="right"><a href="#top">Up</a></div>
+<hr />
+<hr />
+<a NAME="transform2call" ID="transform2call"></a>
+<h2>transform2call</h2>
+<b>transform2call</b>(<i>var</i>)
+
+<p>
+    Function to transform a variable node to a call node.
+</p>
+<dl>
+
+<dt><i>var</i> (ast.BinOp)</dt>
+<dd>
+variable node
+</dd>
+</dl>
+<dl>
+<dt>Return:</dt>
+<dd>
+call node
+</dd>
+</dl>
+<dl>
+<dt>Return Type:</dt>
+<dd>
+ast.Call
+</dd>
+</dl>
+<div align="right"><a href="#top">Up</a></div>
+<hr />
+</body></html>
\ No newline at end of file
