Mon, 19 May 2025 14:33:49 +0200
Code Style Checker
- Updated the security checker to `bandit` v1.8.3.
--- a/docs/ThirdParty.md Sun May 18 17:23:00 2025 +0200
+++ b/docs/ThirdParty.md Mon May 19 14:33:49 2025 +0200
@@ -18,7 +18,7 @@
 | Name | Version | License |
 |:-----------------------------:|:---------:|:-----------------------------------|
-| bandit | 1.8.2 | Apache License 2.0 |
+| bandit | 1.8.3 | Apache License 2.0 |
 | flake8-2020 | 1.8.1 | MIT License (MIT) |
 | flake8-alphabetize | 0.0.21 | MIT License (MIT No Attribution) |
 | flake8-annotations | 3.1.1 | MIT License (MIT) |
--- a/docs/changelog.md Sun May 18 17:23:00 2025 +0200
+++ b/docs/changelog.md Mon May 19 14:33:49 2025 +0200
@@ -2,6 +2,9 @@
 ### Version 25.6
 - bug fixes
+- Code Style Checker
+  - Updated these checkers.
+  - Security to `bandit` v1.8.3
 - conda Manager
   - Removed the conda interface and changed it to a plug-in available via the plug-in repository.
--- a/eric7.epj Sun May 18 17:23:00 2025 +0200
+++ b/eric7.epj Mon May 19 14:33:49 2025 +0200
@@ -1585,9 +1585,10 @@
 "src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/jinja2Templates.py",
 "src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/loggingConfigInsecureListen.py",
 "src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/makoTemplates.py",
+"src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/markupsafeMarkupXSS.py",
 "src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/prohibitedCalls.py",
 "src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/prohibitedImports.py",
-"src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/pytorchLoadSave.py",
+"src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/pytorchLoad.py",
 "src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/requestWithoutTimeout.py",
 "src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/snmpSecurity.py",
 "src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/sshNoHostKeyVerification.py",
--- a/src/eric7/Documentation/Source/eric7.Plugins.CheckerPlugins.CodeStyleChecker.Security.Checks.pytorchLoadSave.html Sun May 18 17:23:00 2025 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,90 +0,0 @@ -<!DOCTYPE html> -<html><head> -<title>eric7.Plugins.CheckerPlugins.CodeStyleChecker.Security.Checks.pytorchLoadSave</title> -<meta charset="UTF-8"> -<link rel="stylesheet" href="styles.css"> -</head> -<body> -<a NAME="top" ID="top"></a> -<h1>eric7.Plugins.CheckerPlugins.CodeStyleChecker.Security.Checks.pytorchLoadSave</h1> -<p> -Module implementing checks for the use of 'torch.load' and 'torch.save'. -</p> - -<h3>Global Attributes</h3> -<table> -<tr><td>None</td></tr> -</table> - -<h3>Classes</h3> -<table> -<tr><td>None</td></tr> -</table> - -<h3>Functions</h3> -<table> -<tr> -<td><a href="#checkPytorchLoadSave">checkPytorchLoadSave</a></td> -<td>Function to check for the use of 'torch.load' and 'torch.save'.</td> -</tr> -<tr> -<td><a href="#getChecks">getChecks</a></td> -<td>Public method to get a dictionary with checks handled by this module.</td> -</tr> -</table> - -<hr /> -<hr /> -<a NAME="checkPytorchLoadSave" ID="checkPytorchLoadSave"></a> -<h2>checkPytorchLoadSave</h2> -<b>checkPytorchLoadSave</b>(<i>reportError, context, _config</i>) -<p> - Function to check for the use of 'torch.load' and 'torch.save'. -</p> -<p> - Using `torch.load` with untrusted data can lead to arbitrary code - execution, and improper use of `torch.save` might expose sensitive - data or lead to data corruption. -</p> - -<dl> - -<dt><i>reportError</i> (func)</dt> -<dd> -function to be used to report errors -</dd> -<dt><i>context</i> (SecurityContext)</dt> -<dd> -security context object -</dd> -<dt><i>_config</i> (dict)</dt> -<dd> -dictionary with configuration data (unused) -</dd> -</dl> -<div align="right"><a href="#top">Up</a></div> -<hr /> -<hr /> -<a NAME="getChecks" ID="getChecks"></a> -<h2>getChecks</h2> -<b>getChecks</b>(<i></i>) -<p> - Public method to get a dictionary with checks handled by this module. 
-</p> - -<dl> -<dt>Return:</dt> -<dd> -dictionary containing checker lists containing checker function and - list of codes -</dd> -</dl> -<dl> -<dt>Return Type:</dt> -<dd> -dict -</dd> -</dl> -<div align="right"><a href="#top">Up</a></div> -<hr /> -</body></html>
--- a/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/CodeStyleCheckerDialog.py Sun May 18 17:23:00 2025 +0200
+++ b/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/CodeStyleCheckerDialog.py Mon May 19 14:33:49 2025 +0200
@@ -499,6 +499,8 @@
 "WeakKeySizeEcHigh": str(SecurityDefaults["weak_key_size_ec_high"]),
 "WeakKeySizeEcMedium": str(SecurityDefaults["weak_key_size_ec_medium"]),
 "CheckTypedException": SecurityDefaults["check_typed_exception"],
+"ExtendMarkupNames": SecurityDefaults["extend_markup_names"],
+"AllowedEscapeFunctions": SecurityDefaults["allowed_calls"],
 },
 # Imports
 "ImportsChecker": {
@@ -734,6 +736,12 @@
 self.typedExceptionsCheckBox.setChecked(
 self.__data["SecurityChecker"]["CheckTypedException"]
 )
+self.additionalMarkupNamesEdit.setPlainText(
+"\n".join(self.__data["SecurityChecker"]["ExtendMarkupNames"])
+)
+self.allowedEscapeFunctionsEdit.setPlainText(
+"\n".join(self.__data["SecurityChecker"]["AllowedEscapeFunctions"])
+)
 
 # ImportsChecker
 self.appPackagesEdit.setPlainText(
@@ -978,6 +986,14 @@
 "weak_key_size_ec_high": int(self.ecHighRiskCombo.currentText()),
 "weak_key_size_ec_medium": int(self.ecMediumRiskCombo.currentText()),
 "check_typed_exception": self.typedExceptionsCheckBox.isChecked(),
+"extend_markup_names": [
+n.strip()
+for n in self.additionalMarkupNamesEdit.toPlainText().splitlines()
+],
+"allowed_calls": [
+f.strip()
+for f in self.allowedEscapeFunctionsEdit.toPlainText().splitlines()
+]
 }
 
 importsArgs = {
@@ -1461,6 +1477,14 @@
 "WeakKeySizeEcHigh": self.ecHighRiskCombo.currentText(),
 "WeakKeySizeEcMedium": self.ecMediumRiskCombo.currentText(),
 "CheckTypedException": self.typedExceptionsCheckBox.isChecked(),
+"ExtendMarkupNames": [
+n.strip()
+for n in self.additionalMarkupNamesEdit.toPlainText().splitlines()
+],
+"AllowedEscapeFunctions": [
+f.strip()
+for f in self.allowedEscapeFunctionsEdit.toPlainText().splitlines()
+],
 },
 "ImportsChecker": {
 "ApplicationPackageNames": sorted(
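Review bot: In the `@@ -978` hunk, `extend_markup_names` and `allowed_calls` are built as `n.strip()` over `toPlainText().splitlines()` with no filter, so a blank line in either edit field becomes an empty string in the list handed to the security checker; how the markupsafe check matches an empty name cannot be seen here, but an empty entry in an allow-list of "safe" escape functions is at best noise and is also persisted through the settings round trip. Adding a guard to the comprehension, `for n in self.additionalMarkupNamesEdit.toPlainText().splitlines() if n.strip()` (and the same `if f.strip()` for the allowed calls), drops blank lines at the source. The same unfiltered comprehensions appear in the `@@ -1461` hunk of this file and in the `@@ -2339` hunk further down. The enclosing methods of all three hunks start and end outside the hunks.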
@@ -2038,6 +2062,26 @@
 )
 )
 )
+self.additionalMarkupNamesEdit.setPlainText(
+"\n".join(
+EricUtilities.toList(
+settings.value(
+"PEP8/ExtendMarkupNames",
+defaultParameters["SecurityChecker"]["ExtendMarkupNames"]
+)
+)
+)
+)
+self.allowedEscapeFunctionsEdit.setPlainText(
+"\n".join(
+EricUtilities.toList(
+settings.value(
+"PEP8/AllowedEscapeFunctions",
+defaultParameters["SecurityChecker"]["AllowedEscapeFunctions"]
+)
+)
+)
+)
 
 # Imports Checker
 self.appPackagesEdit.setPlainText(
@@ -2339,6 +2383,20 @@
 settings.setValue(
 "PEP8/CheckTypedException", self.typedExceptionsCheckBox.isChecked()
 )
+settings.setValue(
+"PEP8/ExtendMarkupNames",
+[
+n.strip()
+for n in self.additionalMarkupNamesEdit.toPlainText().splitlines()
+]
+)
+settings.setValue(
+"PEP8/AllowedEscapeFunctions",
+[
+f.strip()
+for f in self.allowedEscapeFunctionsEdit.toPlainText().splitlines()
+]
+)
 
 # Imports Checker
 settings.setValue(
@@ -2563,6 +2621,14 @@
 "PEP8/CheckTypedException",
 defaultParameters["SecurityChecker"]["CheckTypedException"],
 )
+settings.setValue(
+"PEP8/ExtendMarkupNames",
+defaultParameters["SecurityChecker"]["ExtendMarkupNames"],
+)
+settings.setValue(
+"PEP8/AllowedEscapeFunctions",
+defaultParameters["SecurityChecker"]["AllowedEscapeFunctions"]
+)
 
 # Imports Checker
 settings.setValue(
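Review bot: The two `settings.setValue` calls added in the `@@ -2563` hunk are laid out inconsistently: the `PEP8/ExtendMarkupNames` call ends its exploded argument list with a trailing comma, as the neighbouring context line `defaultParameters["SecurityChecker"]["CheckTypedException"],` does, while the `PEP8/AllowedEscapeFunctions` call does not, and the `@@ -2038` and `@@ -2339` hunks omit it in every exploded call they add. Writing `defaultParameters["SecurityChecker"]["AllowedEscapeFunctions"],` and adding the comma after each closing `]` keeps the file in the one-argument-per-line-with-trailing-comma style the surrounding code already uses (presumably black's). The methods these hunks sit in start and end outside the hunks.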
--- a/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/CodeStyleCheckerDialog.ui Sun May 18 17:23:00 2025 +0200 +++ b/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/CodeStyleCheckerDialog.ui Mon May 19 14:33:49 2025 +0200 @@ -16,7 +16,7 @@ <property name="sizeGripEnabled"> <bool>true</bool> </property> - <layout class="QVBoxLayout" name="verticalLayout_13"> + <layout class="QVBoxLayout" name="verticalLayout_22"> <item> <widget class="QTabWidget" name="mainWidget"> <property name="currentIndex"> @@ -43,7 +43,7 @@ <string>Categories:</string> </property> <property name="alignment"> - <set>Qt::AlignLeading|Qt::AlignLeft|Qt::AlignTop</set> + <set>Qt::AlignmentFlag::AlignLeading|Qt::AlignmentFlag::AlignLeft|Qt::AlignmentFlag::AlignTop</set> </property> </widget> </item> @@ -211,7 +211,7 @@ <item> <spacer name="horizontalSpacer"> <property name="orientation"> - <enum>Qt::Horizontal</enum> + <enum>Qt::Orientation::Horizontal</enum> </property> <property name="sizeHint" stdset="0"> <size> @@ -226,7 +226,7 @@ <item row="7" column="0"> <spacer name="verticalSpacer_2"> <property name="orientation"> - <enum>Qt::Vertical</enum> + <enum>Qt::Orientation::Vertical</enum> </property> <property name="sizeHint" stdset="0"> <size> @@ -246,13 +246,13 @@ <item> <widget class="QScrollArea" name="scrollArea"> <property name="frameShape"> - <enum>QFrame::NoFrame</enum> + <enum>QFrame::Shape::NoFrame</enum> </property> <property name="frameShadow"> - <enum>QFrame::Plain</enum> + <enum>QFrame::Shadow::Plain</enum> </property> <property name="verticalScrollBarPolicy"> - <enum>Qt::ScrollBarAlwaysOn</enum> + <enum>Qt::ScrollBarPolicy::ScrollBarAlwaysOn</enum> </property> <property name="widgetResizable"> <bool>true</bool> @@ -262,7 +262,7 @@ <rect> <x>0</x> <y>0</y> - <width>617</width> + <width>611</width> <height>905</height> </rect> </property> 
@@ -288,7 +288,7 @@ <string>Enter the maximum allowed line length (PEP-8: 79 characters)</string> </property> <property name="alignment"> - <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set> + <set>Qt::AlignmentFlag::AlignRight|Qt::AlignmentFlag::AlignTrailing|Qt::AlignmentFlag::AlignVCenter</set> </property> <property name="minimum"> <number>60</number> @@ -314,7 +314,7 @@ <string>Enter the maximum allowed line length (PEP-8: 79 characters)</string> </property> <property name="alignment"> - <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set> + <set>Qt::AlignmentFlag::AlignRight|Qt::AlignmentFlag::AlignTrailing|Qt::AlignmentFlag::AlignVCenter</set> </property> <property name="minimum"> <number>60</number> @@ -330,7 +330,7 @@ <item row="0" column="2"> <spacer name="horizontalSpacer_3"> <property name="orientation"> - <enum>Qt::Horizontal</enum> + <enum>Qt::Orientation::Horizontal</enum> </property> <property name="sizeHint" stdset="0"> <size> @@ -361,7 +361,7 @@ <string>Enter the number of blank lines before top level classes and functions</string> </property> <property name="alignment"> - <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set> + <set>Qt::AlignmentFlag::AlignRight|Qt::AlignmentFlag::AlignTrailing|Qt::AlignmentFlag::AlignVCenter</set> </property> <property name="minimum"> <number>1</number> @@ -377,7 +377,7 @@ <item row="0" column="2"> <spacer name="horizontalSpacer_6"> <property name="orientation"> - <enum>Qt::Horizontal</enum> + <enum>Qt::Orientation::Horizontal</enum> </property> <property name="sizeHint" stdset="0"> <size> @@ -400,7 +400,7 @@ <string>Enter the number of blank lines before methods and nested classes or functions</string> </property> <property name="alignment"> - <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set> + <set>Qt::AlignmentFlag::AlignRight|Qt::AlignmentFlag::AlignTrailing|Qt::AlignmentFlag::AlignVCenter</set> </property> <property name="minimum"> <number>1</number> 
@@ -503,7 +503,7 @@ <string>Enter the minimum size a file must have to be checked (0 for all files)</string> </property> <property name="alignment"> - <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set> + <set>Qt::AlignmentFlag::AlignRight|Qt::AlignmentFlag::AlignTrailing|Qt::AlignmentFlag::AlignVCenter</set> </property> <property name="maximum"> <number>4096</number> @@ -513,7 +513,7 @@ <item row="0" column="2"> <spacer name="horizontalSpacer_2"> <property name="orientation"> - <enum>Qt::Horizontal</enum> + <enum>Qt::Orientation::Horizontal</enum> </property> <property name="sizeHint" stdset="0"> <size> @@ -555,7 +555,7 @@ <string>Expected Imports:</string> </property> <property name="alignment"> - <set>Qt::AlignLeading|Qt::AlignLeft|Qt::AlignTop</set> + <set>Qt::AlignmentFlag::AlignLeading|Qt::AlignmentFlag::AlignLeft|Qt::AlignmentFlag::AlignTop</set> </property> </widget> </item> @@ -565,7 +565,7 @@ <bool>true</bool> </property> <property name="selectionMode"> - <enum>QAbstractItemView::ExtendedSelection</enum> + <enum>QAbstractItemView::SelectionMode::ExtendedSelection</enum> </property> <property name="sortingEnabled"> <bool>true</bool> @@ -629,7 +629,7 @@ <item> <spacer name="verticalSpacer_3"> <property name="orientation"> - <enum>Qt::Vertical</enum> + <enum>Qt::Orientation::Vertical</enum> </property> <property name="sizeHint" stdset="0"> <size> @@ -666,7 +666,7 @@ <string>Whitelist:</string> </property> <property name="alignment"> - <set>Qt::AlignLeading|Qt::AlignLeft|Qt::AlignTop</set> + <set>Qt::AlignmentFlag::AlignLeading|Qt::AlignmentFlag::AlignLeft|Qt::AlignmentFlag::AlignTop</set> </property> </widget> </item> @@ -698,7 +698,7 @@ <item> <spacer name="verticalSpacer_6"> <property name="orientation"> - <enum>Qt::Vertical</enum> + <enum>Qt::Orientation::Vertical</enum> </property> <property name="sizeHint" stdset="0"> <size> 
@@ -733,7 +733,7 @@ <item row="0" column="2" rowspan="2"> <spacer name="horizontalSpacer_5"> <property name="orientation"> - <enum>Qt::Horizontal</enum> + <enum>Qt::Orientation::Horizontal</enum> </property> <property name="sizeHint" stdset="0"> <size> @@ -756,7 +756,7 @@ <string>Enter the maximum allowed code complexity (McCabe: 10)</string> </property> <property name="alignment"> - <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set> + <set>Qt::AlignmentFlag::AlignRight|Qt::AlignmentFlag::AlignTrailing|Qt::AlignmentFlag::AlignVCenter</set> </property> <property name="maximum"> <number>100</number> @@ -779,7 +779,7 @@ <string>Enter the maximum complexity (number of nodes) for a line of code</string> </property> <property name="alignment"> - <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set> + <set>Qt::AlignmentFlag::AlignRight|Qt::AlignmentFlag::AlignTrailing|Qt::AlignmentFlag::AlignVCenter</set> </property> <property name="maximum"> <number>100</number> @@ -802,7 +802,7 @@ <string>Enter the maximum allowed median for line complexity</string> </property> <property name="alignment"> - <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set> + <set>Qt::AlignmentFlag::AlignRight|Qt::AlignmentFlag::AlignTrailing|Qt::AlignmentFlag::AlignVCenter</set> </property> <property name="maximum"> <number>100</number> @@ -818,7 +818,7 @@ <item> <spacer name="verticalSpacer_8"> <property name="orientation"> - <enum>Qt::Vertical</enum> + <enum>Qt::Orientation::Vertical</enum> </property> <property name="sizeHint" stdset="0"> <size> @@ -856,7 +856,7 @@ <string>Enter the minimum percentage of type annotations</string> </property> <property name="alignment"> - <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set> + <set>Qt::AlignmentFlag::AlignRight|Qt::AlignmentFlag::AlignTrailing|Qt::AlignmentFlag::AlignVCenter</set> </property> <property name="specialValueText"> <string>off</string> 
@@ -872,7 +872,7 @@ <item row="0" column="2"> <spacer name="horizontalSpacer_7"> <property name="orientation"> - <enum>Qt::Horizontal</enum> + <enum>Qt::Orientation::Horizontal</enum> </property> <property name="sizeHint" stdset="0"> <size> @@ -895,7 +895,7 @@ <string>Enter the maximum type annotation complexity</string> </property> <property name="alignment"> - <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set> + <set>Qt::AlignmentFlag::AlignRight|Qt::AlignmentFlag::AlignTrailing|Qt::AlignmentFlag::AlignVCenter</set> </property> <property name="minimum"> <number>1</number> @@ -918,7 +918,7 @@ <string>Enter the maximum type annotation length</string> </property> <property name="alignment"> - <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set> + <set>Qt::AlignmentFlag::AlignRight|Qt::AlignmentFlag::AlignTrailing|Qt::AlignmentFlag::AlignVCenter</set> </property> <property name="minimum"> <number>1</number> @@ -1081,7 +1081,7 @@ <item> <spacer name="verticalSpacer_9"> <property name="orientation"> - <enum>Qt::Vertical</enum> + <enum>Qt::Orientation::Vertical</enum> </property> <property name="sizeHint" stdset="0"> <size> 
@@ -1097,243 +1097,327 @@ <attribute name="title"> <string>Security</string> </attribute> - <layout class="QGridLayout" name="gridLayout_7"> - <item row="0" column="0"> - <widget class="QLabel" name="label_21"> - <property name="text"> - <string>Hardcoded 'tmp' Directories:</string> - </property> - <property name="alignment"> - <set>Qt::AlignLeading|Qt::AlignLeft|Qt::AlignTop</set> - </property> - </widget> - </item> - <item row="3" column="0" colspan="2"> - <widget class="QGroupBox" name="groupBox_11"> - <property name="title"> - <string>Weak Cryptographic Keys</string> + <layout class="QVBoxLayout" name="verticalLayout_21"> + <item> + <widget class="QScrollArea" name="scrollArea_2"> + <property name="widgetResizable"> + <bool>true</bool> </property> - <layout class="QVBoxLayout" name="verticalLayout_10"> - <item> - <widget class="QGroupBox" name="groupBox_12"> - <property name="title"> - <string>DSA</string> - </property> - <layout class="QHBoxLayout" name="horizontalLayout_5"> - <item> - <widget class="QLabel" name="label_24"> + <widget class="QWidget" name="scrollAreaWidgetContents_2"> + <property name="geometry"> + <rect> + <x>0</x> + <y>0</y> + <width>609</width> + <height>691</height> + </rect> + </property> + <layout class="QVBoxLayout" name="verticalLayout_13"> + <item> + <layout class="QGridLayout" name="gridLayout_12"> + <item row="0" column="0"> + <widget class="QLabel" name="label_21"> <property name="text"> - <string>High Risk:</string> + <string>Hardcoded 'tmp' Directories:</string> </property> - </widget> - </item> - <item> - <widget class="QComboBox" name="dsaHighRiskCombo"> - <property name="toolTip"> - <string>Select the bit length below which a DSA key is to be considered very weak</string> - </property> - <property name="editable"> - <bool>false</bool> - </property> - </widget> - </item> - <item> - <widget class="QLabel" name="label_25"> - <property name="text"> - <string>Medium Risk:</string> + <property name="alignment"> + 
<set>Qt::AlignmentFlag::AlignLeading|Qt::AlignmentFlag::AlignLeft|Qt::AlignmentFlag::AlignTop</set> </property> </widget> </item> - <item> - <widget class="QComboBox" name="dsaMediumRiskCombo"> + <item row="0" column="1"> + <widget class="QPlainTextEdit" name="tmpDirectoriesEdit"> + <property name="maximumSize"> + <size> + <width>16777215</width> + <height>200</height> + </size> + </property> <property name="toolTip"> - <string>Select the bit length below which a DSA key is to be considered weak</string> + <string>Enter directory names (one per line) to be checked for</string> </property> - <property name="editable"> - <bool>false</bool> + </widget> + </item> + <item row="1" column="0"> + <widget class="QLabel" name="label_22"> + <property name="text"> + <string>Insecure Hashes:</string> </property> </widget> </item> - <item> - <spacer name="horizontalSpacer_8"> - <property name="orientation"> - <enum>Qt::Horizontal</enum> - </property> - <property name="sizeHint" stdset="0"> - <size> - <width>324</width> - <height>20</height> - </size> + <item row="1" column="1"> + <widget class="QLineEdit" name="hashesEdit"> + <property name="toolTip"> + <string>Enter a list of hash methods to be considered insecure separated by comma</string> </property> - </spacer> - </item> - </layout> - </widget> - </item> - <item> - <widget class="QGroupBox" name="groupBox_13"> - <property name="title"> - <string>RSA</string> - </property> - <layout class="QHBoxLayout" name="horizontalLayout_9"> - <item> - <widget class="QLabel" name="label_26"> - <property name="text"> - <string>High Risk:</string> + <property name="clearButtonEnabled"> + <bool>true</bool> </property> </widget> </item> - <item> - <widget class="QComboBox" name="rsaHighRiskCombo"> - <property name="toolTip"> - <string>Select the bit length below which a RSA key is to be considered very weak</string> + <item row="2" column="0"> + <widget class="QLabel" name="label_23"> + <property name="text"> + <string>Insecure SSL 
Protocols:</string> </property> - <property name="editable"> - <bool>false</bool> + <property name="alignment"> + <set>Qt::AlignmentFlag::AlignLeading|Qt::AlignmentFlag::AlignLeft|Qt::AlignmentFlag::AlignTop</set> </property> </widget> </item> - <item> - <widget class="QLabel" name="label_27"> - <property name="text"> - <string>Medium Risk:</string> + <item row="2" column="1"> + <widget class="QPlainTextEdit" name="insecureSslProtocolsEdit"> + <property name="maximumSize"> + <size> + <width>16777215</width> + <height>200</height> + </size> </property> - </widget> - </item> - <item> - <widget class="QComboBox" name="rsaMediumRiskCombo"> <property name="toolTip"> - <string>Select the bit length below which a RSA key is to be considered weak</string> - </property> - <property name="editable"> - <bool>false</bool> + <string>Enter the names of insecure SSL protocols and methods (one per line)</string> </property> </widget> </item> - <item> - <spacer name="horizontalSpacer_9"> - <property name="orientation"> - <enum>Qt::Horizontal</enum> - </property> - <property name="sizeHint" stdset="0"> - <size> - <width>40</width> - <height>20</height> - </size> - </property> - </spacer> - </item> </layout> - </widget> - </item> - <item> - <widget class="QGroupBox" name="groupBox_14"> - <property name="title"> - <string>Elliptic Curves</string> - </property> - <layout class="QHBoxLayout" name="horizontalLayout_10"> - <item> - <widget class="QLabel" name="label_28"> - <property name="text"> - <string>High Risk:</string> - </property> - </widget> - </item> - <item> - <widget class="QComboBox" name="ecHighRiskCombo"> - <property name="toolTip"> - <string>Select the bit length below which an Elliptic Curve is to be considered very weak</string> - </property> - <property name="editable"> - <bool>false</bool> - </property> - </widget> - </item> - <item> - <widget class="QLabel" name="label_29"> - <property name="text"> - <string>Medium Risk:</string> - </property> - </widget> - </item> - 
<item> - <widget class="QComboBox" name="ecMediumRiskCombo"> - <property name="toolTip"> - <string>Select the bit length below which an Elliptic Curve is to be considered weak</string> - </property> - <property name="editable"> - <bool>false</bool> - </property> - </widget> - </item> - <item> - <spacer name="horizontalSpacer_10"> - <property name="orientation"> - <enum>Qt::Horizontal</enum> - </property> - <property name="sizeHint" stdset="0"> - <size> - <width>40</width> - <height>20</height> - </size> - </property> - </spacer> - </item> - </layout> - </widget> - </item> - </layout> - </widget> - </item> - <item row="2" column="1"> - <widget class="QPlainTextEdit" name="insecureSslProtocolsEdit"> - <property name="toolTip"> - <string>Enter the names of insecure SSL protocols and methods (one per line)</string> - </property> - </widget> - </item> - <item row="2" column="0"> - <widget class="QLabel" name="label_23"> - <property name="text"> - <string>Insecure SSL Protocols:</string> - </property> - <property name="alignment"> - <set>Qt::AlignLeading|Qt::AlignLeft|Qt::AlignTop</set> - </property> - </widget> - </item> - <item row="1" column="0"> - <widget class="QLabel" name="label_22"> - <property name="text"> - <string>Insecure Hashes:</string> - </property> - </widget> - </item> - <item row="1" column="1"> - <widget class="QLineEdit" name="hashesEdit"> - <property name="toolTip"> - <string>Enter a list of hash methods to be considered insecure separated by comma</string> - </property> - <property name="clearButtonEnabled"> - <bool>true</bool> - </property> - </widget> - </item> - <item row="4" column="0" colspan="2"> - <widget class="QCheckBox" name="typedExceptionsCheckBox"> - <property name="toolTip"> - <string>Select to also check for insecure exception handling for typed exceptions</string> - </property> - <property name="text"> - <string>Check Typed Exceptions</string> - </property> - </widget> - </item> - <item row="0" column="1"> - <widget 
class="QPlainTextEdit" name="tmpDirectoriesEdit"> - <property name="toolTip"> - <string>Enter directory names (one per line) to be checked for</string> - </property> + </item> + <item> + <widget class="QGroupBox" name="groupBox_11"> + <property name="title"> + <string>Weak Cryptographic Keys</string> + </property> + <layout class="QVBoxLayout" name="verticalLayout_10"> + <item> + <widget class="QGroupBox" name="groupBox_12"> + <property name="title"> + <string>DSA</string> + </property> + <layout class="QHBoxLayout" name="horizontalLayout_5"> + <item> + <widget class="QLabel" name="label_24"> + <property name="text"> + <string>High Risk:</string> + </property> + </widget> + </item> + <item> + <widget class="QComboBox" name="dsaHighRiskCombo"> + <property name="toolTip"> + <string>Select the bit length below which a DSA key is to be considered very weak</string> + </property> + <property name="editable"> + <bool>false</bool> + </property> + </widget> + </item> + <item> + <widget class="QLabel" name="label_25"> + <property name="text"> + <string>Medium Risk:</string> + </property> + </widget> + </item> + <item> + <widget class="QComboBox" name="dsaMediumRiskCombo"> + <property name="toolTip"> + <string>Select the bit length below which a DSA key is to be considered weak</string> + </property> + <property name="editable"> + <bool>false</bool> + </property> + </widget> + </item> + <item> + <spacer name="horizontalSpacer_8"> + <property name="orientation"> + <enum>Qt::Orientation::Horizontal</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>324</width> + <height>20</height> + </size> + </property> + </spacer> + </item> + </layout> + </widget> + </item> + <item> + <widget class="QGroupBox" name="groupBox_13"> + <property name="title"> + <string>RSA</string> + </property> + <layout class="QHBoxLayout" name="horizontalLayout_9"> + <item> + <widget class="QLabel" name="label_26"> + <property name="text"> + <string>High Risk:</string> + 
</property> + </widget> + </item> + <item> + <widget class="QComboBox" name="rsaHighRiskCombo"> + <property name="toolTip"> + <string>Select the bit length below which a RSA key is to be considered very weak</string> + </property> + <property name="editable"> + <bool>false</bool> + </property> + </widget> + </item> + <item> + <widget class="QLabel" name="label_27"> + <property name="text"> + <string>Medium Risk:</string> + </property> + </widget> + </item> + <item> + <widget class="QComboBox" name="rsaMediumRiskCombo"> + <property name="toolTip"> + <string>Select the bit length below which a RSA key is to be considered weak</string> + </property> + <property name="editable"> + <bool>false</bool> + </property> + </widget> + </item> + <item> + <spacer name="horizontalSpacer_9"> + <property name="orientation"> + <enum>Qt::Orientation::Horizontal</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>40</width> + <height>20</height> + </size> + </property> + </spacer> + </item> + </layout> + </widget> + </item> + <item> + <widget class="QGroupBox" name="groupBox_14"> + <property name="title"> + <string>Elliptic Curves</string> + </property> + <layout class="QHBoxLayout" name="horizontalLayout_10"> + <item> + <widget class="QLabel" name="label_28"> + <property name="text"> + <string>High Risk:</string> + </property> + </widget> + </item> + <item> + <widget class="QComboBox" name="ecHighRiskCombo"> + <property name="toolTip"> + <string>Select the bit length below which an Elliptic Curve is to be considered very weak</string> + </property> + <property name="editable"> + <bool>false</bool> + </property> + </widget> + </item> + <item> + <widget class="QLabel" name="label_29"> + <property name="text"> + <string>Medium Risk:</string> + </property> + </widget> + </item> + <item> + <widget class="QComboBox" name="ecMediumRiskCombo"> + <property name="toolTip"> + <string>Select the bit length below which an Elliptic Curve is to be considered weak</string> 
+ </property> + <property name="editable"> + <bool>false</bool> + </property> + </widget> + </item> + <item> + <spacer name="horizontalSpacer_10"> + <property name="orientation"> + <enum>Qt::Orientation::Horizontal</enum> + </property> + <property name="sizeHint" stdset="0"> + <size> + <width>40</width> + <height>20</height> + </size> + </property> + </spacer> + </item> + </layout> + </widget> + </item> + </layout> + </widget> + </item> + <item> + <widget class="QCheckBox" name="typedExceptionsCheckBox"> + <property name="toolTip"> + <string>Select to also check for insecure exception handling for typed exceptions</string> + </property> + <property name="text"> + <string>Check Typed Exceptions</string> + </property> + </widget> + </item> + <item> + <widget class="QGroupBox" name="groupBox_21"> + <property name="title"> + <string>'markupsafe' XSS</string> + </property> + <layout class="QGridLayout" name="gridLayout_7"> + <item row="0" column="0"> + <widget class="QLabel" name="label_39"> + <property name="text"> + <string>Additional Markup Names:</string> + </property> + </widget> + </item> + <item row="0" column="1"> + <widget class="QPlainTextEdit" name="additionalMarkupNamesEdit"> + <property name="maximumSize"> + <size> + <width>16777215</width> + <height>200</height> + </size> + </property> + <property name="toolTip"> + <string>Enter the names (one per line) of additional markup functions</string> + </property> + </widget> + </item> + <item row="1" column="0"> + <widget class="QLabel" name="label_40"> + <property name="text"> + <string>Allowed Calls:</string> + </property> + </widget> + </item> + <item row="1" column="1"> + <widget class="QPlainTextEdit" name="allowedEscapeFunctionsEdit"> + <property name="maximumSize"> + <size> + <width>16777215</width> + <height>200</height> + </size> + </property> + <property name="toolTip"> + <string>Enter names (one per line) of safe escape functions</string> + </property> + </widget> + </item> + </layout> + </widget> + 
</item> + </layout> + </widget> </widget> </item> </layout> @@ -1440,7 +1524,7 @@ <item> <spacer name="verticalSpacer_7"> <property name="orientation"> - <enum>Qt::Vertical</enum> + <enum>Qt::Orientation::Vertical</enum> </property> <property name="sizeHint" stdset="0"> <size> @@ -1490,7 +1574,7 @@ <item row="0" column="3"> <spacer name="horizontalSpacer_4"> <property name="orientation"> - <enum>Qt::Horizontal</enum> + <enum>Qt::Orientation::Horizontal</enum> </property> <property name="sizeHint" stdset="0"> <size> @@ -1542,7 +1626,7 @@ <item> <spacer name="horizontalSpacer_11"> <property name="orientation"> - <enum>Qt::Horizontal</enum> + <enum>Qt::Orientation::Horizontal</enum> </property> <property name="sizeHint" stdset="0"> <size> @@ -1558,7 +1642,7 @@ <item> <spacer name="verticalSpacer_10"> <property name="orientation"> - <enum>Qt::Vertical</enum> + <enum>Qt::Orientation::Vertical</enum> </property> <property name="sizeHint" stdset="0"> <size> @@ -1697,7 +1781,7 @@ <item> <spacer name="verticalSpacer_11"> <property name="orientation"> - <enum>Qt::Vertical</enum> + <enum>Qt::Orientation::Vertical</enum> </property> <property name="sizeHint" stdset="0"> <size> @@ -1717,7 +1801,7 @@ <number>2</number> </property> <property name="orientation"> - <enum>Qt::Vertical</enum> + <enum>Qt::Orientation::Vertical</enum> </property> </widget> </item> @@ -1736,7 +1820,7 @@ <item> <spacer name="verticalSpacer"> <property name="orientation"> - <enum>Qt::Vertical</enum> + <enum>Qt::Orientation::Vertical</enum> </property> <property name="sizeHint" stdset="0"> <size> 
@@ -1793,16 +1877,16 @@ <string>Shows the list of files still to be checked</string> </property> <property name="editTriggers"> - <set>QAbstractItemView::NoEditTriggers</set> + <set>QAbstractItemView::EditTrigger::NoEditTriggers</set> </property> <property name="alternatingRowColors"> <bool>true</bool> </property> <property name="selectionMode"> - <enum>QAbstractItemView::NoSelection</enum> + <enum>QAbstractItemView::SelectionMode::NoSelection</enum> </property> <property name="textElideMode"> - <enum>Qt::ElideMiddle</enum> + <enum>Qt::TextElideMode::ElideMiddle</enum> </property> <property name="sortingEnabled"> <bool>true</bool> @@ -1818,7 +1902,7 @@ <number>0</number> </property> <property name="orientation"> - <enum>Qt::Horizontal</enum> + <enum>Qt::Orientation::Horizontal</enum> </property> <property name="format"> <string>%v/%m Files</string> @@ -1833,7 +1917,7 @@ <number>2</number> </property> <property name="orientation"> - <enum>Qt::Vertical</enum> + <enum>Qt::Orientation::Vertical</enum> </property> </widget> </item> @@ -1849,7 +1933,7 @@ <item> <spacer name="verticalSpacer_5"> <property name="orientation"> - <enum>Qt::Vertical</enum> + <enum>Qt::Orientation::Vertical</enum> </property> <property name="sizeHint" stdset="0"> <size> @@ -1895,7 +1979,7 @@ <bool>true</bool> </property> <property name="selectionMode"> - <enum>QAbstractItemView::ExtendedSelection</enum> + <enum>QAbstractItemView::SelectionMode::ExtendedSelection</enum> </property> <property name="sortingEnabled"> <bool>true</bool> @@ -1928,7 +2012,7 @@ <number>2</number> </property> <property name="orientation"> - <enum>Qt::Vertical</enum> + <enum>Qt::Orientation::Vertical</enum> </property> </widget> </item> @@ -1960,7 +2044,7 @@ <number>2</number> </property> <property name="orientation"> - <enum>Qt::Horizontal</enum> + <enum>Qt::Orientation::Horizontal</enum> </property> </widget> </item> 
@@ -1987,7 +2071,7 @@ <item> <widget class="Line" name="line_5"> <property name="orientation"> - <enum>Qt::Horizontal</enum> + <enum>Qt::Orientation::Horizontal</enum> </property> </widget> </item> @@ -2018,7 +2102,7 @@ <item> <spacer name="verticalSpacer_4"> <property name="orientation"> - <enum>Qt::Vertical</enum> + <enum>Qt::Orientation::Vertical</enum> </property> <property name="sizeHint" stdset="0"> <size> @@ -2037,10 +2121,10 @@ <item> <widget class="QDialogButtonBox" name="buttonBox"> <property name="orientation"> - <enum>Qt::Horizontal</enum> + <enum>Qt::Orientation::Horizontal</enum> </property> <property name="standardButtons"> - <set>QDialogButtonBox::Close</set> + <set>QDialogButtonBox::StandardButton::Close</set> </property> </widget> </item> @@ -2099,6 +2183,7 @@ <tabstop>dispatchDecoratorEdit</tabstop> <tabstop>overloadDecoratorEdit</tabstop> <tabstop>exemptedTypingSymbolsEdit</tabstop> + <tabstop>scrollArea_2</tabstop> <tabstop>tmpDirectoriesEdit</tabstop> <tabstop>hashesEdit</tabstop> <tabstop>insecureSslProtocolsEdit</tabstop> @@ -2109,6 +2194,8 @@ <tabstop>ecHighRiskCombo</tabstop> <tabstop>ecMediumRiskCombo</tabstop> <tabstop>typedExceptionsCheckBox</tabstop> + <tabstop>additionalMarkupNamesEdit</tabstop> + <tabstop>allowedEscapeFunctionsEdit</tabstop> <tabstop>appPackagesEdit</tabstop> <tabstop>bannedModulesEdit</tabstop> <tabstop>allowAllButton</tabstop>
--- a/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/generalHardcodedPassword.py Sun May 18 17:23:00 2025 +0200
+++ b/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/generalHardcodedPassword.py Mon May 19 14:33:49 2025 +0200
@@ -147,16 +147,19 @@
     # go through all (param, value)s and look for candidates
     for key, val in zip(context.node.args.args, defs):
-        if (
-            isinstance(key, (ast.Name, ast.arg))
-            and AstUtilities.isString(val)
-            and RE_CANDIDATES.search(key.arg)
-        ):
-            reportError(
-                context.node.lineno - 1,
-                context.node.col_offset,
-                "S-107",
-                "L",
-                "M",
-                val.value,
-            )
+        if isinstance(key, (ast.Name, ast.arg)):
+            # Skip if the default value is None
+            if val is None or (
+                isinstance(val, (ast.Constant, ast.NameConstant))
+                and val.value is None
+            ):
+                continue
+            if isinstance(val, ast.Str) and RE_CANDIDATES.search(key.arg):
+                reportError(
+                    context.node.lineno - 1,
+                    context.node.col_offset,
+                    "S-107",
+                    "L",
+                    "M",
+                    val.value,
+                )
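Review bot: `isinstance(val, ast.Str)` on the new side replaces the project's own `AstUtilities.isString(val)` with a class that has been deprecated since Python 3.8 (DeprecationWarning on 3.12/3.13) and is removed in Python 3.14, so on that interpreter the S-107 hardcoded-default-password check fails with AttributeError instead of reporting anything; `ast.NameConstant` on the None-skip line has the same status. Since `ast.Constant` already covers the None case, `if val is None or (isinstance(val, ast.Constant) and val.value is None):` for the skip and `if AstUtilities.isString(val) and RE_CANDIDATES.search(key.arg):` for the report keep the intended behaviour without the deprecated names. The enclosing function starts outside the hunk, and the hunk's trailing context line is not visible here.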
--- a/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/generalHardcodedTmp.py Sun May 18 17:23:00 2025 +0200
+++ b/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/generalHardcodedTmp.py Mon May 19 14:33:49 2025 +0200
@@ -13,7 +13,7 @@
 # Original Copyright 2014 Hewlett-Packard Development Company, L.P.
 #
 # SPDX-License-Identifier: Apache-2.0
-# ...r\Security\Checks\generalHardcodedTmp.py
+#
 from Security.SecurityDefaults import SecurityDefaults
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/markupsafeMarkupXSS.py Mon May 19 14:33:49 2025 +0200
@@ -0,0 +1,81 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2025 Detlev Offenbach <detlev@die-offenbachs.de>
+#
+
+"""
+Module implementing checks for potential XSS on markupsafe.Markup use.
+"""
+
+#
+# This is a modified version of the one found in the bandit package.
+#
+# Copyright (c) 2025 David Salvisberg
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+import ast
+
+from Security import SecurityUtils
+from Security.SecurityDefaults import SecurityDefaults
+
+
+def getChecks():
+    """
+    Public method to get a dictionary with checks handled by this module.
+
+    @return dictionary containing checker lists containing checker function and
+        list of codes
+    @rtype dict
+    """
+    return {
+        "Call": [
+            (markupsafeMarkupXss, ("S-704",)),
+        ],
+    }
+
+
+def markupsafeMarkupXss(reportError, context, config):
+    """
+    Function to check for potential XSS on markupsafe.Markup use.
+
+    @param reportError function to be used to report errors
+    @type func
+    @param context security context object
+    @type SecurityContext
+    @param config dictionary with configuration data (unused)
+    @type dict
+    """
+
+    qualname = context.callFunctionNameQual
+    if qualname not in ("markupsafe.Markup", "flask.Markup"):
+        if qualname not in config.get(
+            "extend_markup_names", SecurityDefaults["extend_markup_names"]
+        ):
+            # not a Markup call
+            return None
+
+    args = context.node.args
+    if not args or isinstance(args[0], ast.Constant):
+        # both no arguments and a constant are fine
+        return None
+
+    allowedCalls = config.get("allowed_calls", SecurityDefaults["allowed_calls"])
+    if (
+        allowedCalls
+        and isinstance(args[0], ast.Call)
+        and SecurityUtils.getCallName(args[0], context.importAliases) in allowedCalls
+    ):
+        # the argument contains a whitelisted call
+        return None
+
+    reportError(
+        context.node.lineno - 1,
+        context.node.col_offset,
+        "S-704",
+        "M",
+        "H",
+        qualname,
+        context.callFunctionName,
+    )
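Review bot: The docstring of `markupsafeMarkupXss` describes `config` as "(unused)", but the body reads both `extend_markup_names` and `allowed_calls` from it, so the `@param config` line should read `dictionary with configuration data`. Only `args[0]` is inspected: a Markup call that receives its value through a keyword argument has an empty `args` list, returns at the `if not args` guard and is never reported — if that is deliberate (it mirrors the upstream bandit check), a one-line comment such as `# only the first positional argument is examined` would make the coverage explicit for the next maintainer. Also, the two nested `if qualname not in …` tests could be a single condition joined with `and`, which reads more directly than the nesting.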
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/pytorchLoad.py Mon May 19 14:33:49 2025 +0200
@@ -0,0 +1,73 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2024 - 2025 Detlev Offenbach <detlev@die-offenbachs.de>
+#
+
+"""
+Module implementing checks for the use of 'torch.load' and 'torch.save'.
+"""
+
+#
+# This is a modified version of the one found in the bandit package.
+#
+# Original Copyright (c) 2024 Stacklok, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+
+def getChecks():
+    """
+    Public method to get a dictionary with checks handled by this module.
+
+    @return dictionary containing checker lists containing checker function and
+        list of codes
+    @rtype dict
+    """
+    return {
+        "Call": [
+            (checkPytorchLoad, ("S-614",)),
+        ],
+    }
+
+
+def checkPytorchLoad(reportError, context, _config):
+    """
+    Function to check for the use of 'torch.load'.
+
+    Using `torch.load` with untrusted data can lead to arbitrary code
+    execution. The safe alternative is to use `weights_only=True` or
+    the safetensors library.
+
+    @param reportError function to be used to report errors
+    @type func
+    @param context security context object
+    @type SecurityContext
+    @param _config dictionary with configuration data (unused)
+    @type dict
+    """
+    imported = context.isModuleImportedExact("torch")
+    qualname = context.callFunctionNameQual
+    if not imported and isinstance(qualname, str):
+        return
+
+    qualnameList = qualname.split(".")
+    func = qualnameList[-1]
+    if all(
+        [
+            "torch" in qualnameList,
+            func == "load",
+        ]
+    ):
+        # For torch.load, check if weights_only=True is specified
+        weightsOnly = context.getCallArgValue("weights_only")
+        if weightsOnly == "True" or weightsOnly is True:
+            return
+
+        reportError(
+            context.node.lineno - 1,
+            context.node.col_offset,
+            "S-614",
+            "M",
+            "H",
+        )
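Review bot: The module docstring on the new side still says the module implements checks for `'torch.load' and 'torch.save'`, although `checkPytorchLoad` only handles `load` (the `save` branch and the `map_location` condition were dropped together with pytorchLoadSave.py); it should read `Module implementing checks for the use of 'torch.load'.`. The comment `# PyTorch unsafe load or save` above the S-614 message in translations.py carries the same stale wording. The acceptance test `weightsOnly == "True" or weightsOnly is True` only recognises a literal `True`, so `weights_only` passed through a variable is still reported; that is a reasonable conservative choice for a static check, but a short comment stating it would save the next reader from treating it as a gap.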
--- a/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/Checks/pytorchLoadSave.py Sun May 18 17:23:00 2025 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,69 +0,0 @@
-# -*- coding: utf-8 -*-
-
-# Copyright (c) 2024 - 2025 Detlev Offenbach <detlev@die-offenbachs.de>
-#
-
-"""
-Module implementing checks for the use of 'torch.load' and 'torch.save'.
-"""
-
-#
-# This is a modified version of the one found in the bandit package.
-#
-# Original Copyright (c) 2024 Stacklok, Inc.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-
-
-def getChecks():
-    """
-    Public method to get a dictionary with checks handled by this module.
-
-    @return dictionary containing checker lists containing checker function and
-        list of codes
-    @rtype dict
-    """
-    return {
-        "Call": [
-            (checkPytorchLoadSave, ("S-614",)),
-        ],
-    }
-
-
-def checkPytorchLoadSave(reportError, context, _config):
-    """
-    Function to check for the use of 'torch.load' and 'torch.save'.
-
-    Using `torch.load` with untrusted data can lead to arbitrary code
-    execution, and improper use of `torch.save` might expose sensitive
-    data or lead to data corruption.
-
-    @param reportError function to be used to report errors
-    @type func
-    @param context security context object
-    @type SecurityContext
-    @param _config dictionary with configuration data (unused)
-    @type dict
-    """
-    imported = context.isModuleImportedExact("torch")
-    qualname = context.callFunctionNameQual
-    if not imported and isinstance(qualname, str):
-        return
-
-    qualnameList = qualname.split(".")
-    func = qualnameList[-1]
-    if all(
-        [
-            "torch" in qualnameList,
-            func in ["load", "save"],
-            not context.checkCallArgValue("map_location", "cpu"),
-        ]
-    ):
-        reportError(
-            context.node.lineno - 1,
-            context.node.col_offset,
-            "S-614",
-            "M",
-            "H",
-        )
--- a/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityContext.py Sun May 18 17:23:00 2025 +0200
+++ b/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityContext.py Mon May 19 14:33:49 2025 +0200
@@ -408,3 +408,13 @@
         @rtype str
         """
         return self.__context.get("filedata")
+
+    @property
+    def importAliases(self):
+        """
+        Public method to get the list of import aliases.
+
+        @return list of import aliases
+        @rtype list of str
+        """
+        return self.__context.get("import_aliases")
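Review bot: `importAliases` is declared as a `@property`, yet its docstring opens with `Public method to get the list of import aliases.`; the file's property convention (the `filedata` property just above it) should be followed, and the `@rtype list of str` claim is unverified from this hunk — the upstream bandit context keeps `import_aliases` as a mapping from alias to qualified name, and the only consumer, `SecurityUtils.getCallName(args[0], context.importAliases)` in markupsafeMarkupXSS.py, is consistent with either shape. Confirm the type against where `import_aliases` is stored in `self.__context` and document the real one. Since `.get()` returns `None` when the key is absent, the docstring should also say so, e.g. `@return import aliases or None if none were recorded`.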
--- a/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityDefaults.py Sun May 18 17:23:00 2025 +0200
+++ b/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/SecurityDefaults.py Mon May 19 14:33:49 2025 +0200
@@ -81,4 +81,11 @@
     "weak_key_size_rsa_medium": 2048,
     "weak_key_size_ec_high": 160,
     "weak_key_size_ec_medium": 224,
+    # markupsafeMarkuoXSS.py
+    "extend_markup_names": [
+        "webhelpers.html.literal",
+    ],
+    "allowed_calls": [
+        "bleach.clean",
+    ],
 }
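Review bot: The comment `# markupsafeMarkuoXSS.py` on the new side misspells the module these defaults belong to; it should be `# markupsafeMarkupXSS.py` so that it matches the file added in this commit, as these per-check comments are how a reader maps a default to its consumer. The keys `extend_markup_names` and `allowed_calls` do match the names read in that module, so no further change is needed here.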
--- a/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py Sun May 18 17:23:00 2025 +0200
+++ b/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Security/translations.py Mon May 19 14:33:49 2025 +0200
@@ -379,7 +379,7 @@
     ),
     # PyTorch unsafe load or save
     "S-614": QCoreApplication.translate(
-        "Security", "Use of unsafe PyTorch load or save."
+        "Security", "Use of unsafe PyTorch load."
     ),
     # Jinja2 templates
     "S-701.1": QCoreApplication.translate(
@@ -406,6 +406,11 @@
     "S-703": QCoreApplication.translate(
         "Security", "Potential XSS on 'mark_safe()' function."
     ),
+    # Markupsafe XSS vulnerability
+    "S-704": QCoreApplication.translate(
+        "Security",
+        "Potential XSS with '{0}' detected. Do not use '{1}' on untrusted data.",
+    ),
     # hardcoded AWS passwords
     "S-801": QCoreApplication.translate(
         "Security", "Possible hardcoded AWS access key ID: {0}"
@@ -447,6 +452,7 @@
     "S-505": ["RSA", 2048],
     "S-609": ["os.system"],
     "S-613": [repr("\u202e")],
+    "S-704": ["markupsafe.Markup", "Markup"],
     "S-801": ["A1B2C3D4E5F6G7H8I9J0"],  # secok
     "S-802": ["aA1bB2cC3dD4/eE5fF6gG7+hH8iI9jJ0=kKlLM+="],  # secok
 }
--- a/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Ui_CodeStyleCheckerDialog.py Sun May 18 17:23:00 2025 +0200 +++ b/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/Ui_CodeStyleCheckerDialog.py Mon May 19 14:33:49 2025 +0200 @@ -1,6 +1,6 @@ -# Form implementation generated from reading ui file '/home/detlev/Development/Python/Eric/eric7_default/src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/CodeStyleCheckerDialog.ui' +# Form implementation generated from reading ui file 'src/eric7/Plugins/CheckerPlugins/CodeStyleChecker/CodeStyleCheckerDialog.ui' # -# Created by: PyQt6 UI code generator 6.7.0 +# Created by: PyQt6 UI code generator 6.9.0 # # WARNING: Any manual changes made to this file will be lost when pyuic6 is # run again. Do not edit this file unless you know what you are doing. @@ -14,8 +14,8 @@ CodeStyleCheckerDialog.setObjectName("CodeStyleCheckerDialog") CodeStyleCheckerDialog.resize(800, 700) CodeStyleCheckerDialog.setSizeGripEnabled(True) - self.verticalLayout_13 = QtWidgets.QVBoxLayout(CodeStyleCheckerDialog) - self.verticalLayout_13.setObjectName("verticalLayout_13") + self.verticalLayout_22 = QtWidgets.QVBoxLayout(CodeStyleCheckerDialog) + self.verticalLayout_22.setObjectName("verticalLayout_22") self.mainWidget = QtWidgets.QTabWidget(parent=CodeStyleCheckerDialog) self.mainWidget.setObjectName("mainWidget") self.configureTab = QtWidgets.QWidget() @@ -112,7 +112,7 @@ self.scrollArea.setWidgetResizable(True) self.scrollArea.setObjectName("scrollArea") self.scrollAreaWidgetContents = QtWidgets.QWidget() - self.scrollAreaWidgetContents.setGeometry(QtCore.QRect(0, 0, 617, 905)) + self.scrollAreaWidgetContents.setGeometry(QtCore.QRect(0, 0, 611, 905)) self.scrollAreaWidgetContents.setObjectName("scrollAreaWidgetContents") self.verticalLayout_4 = QtWidgets.QVBoxLayout(self.scrollAreaWidgetContents) self.verticalLayout_4.setObjectName("verticalLayout_4") 
@@ -431,13 +431,43 @@ self.optionsTabWidget.addTab(self.typeAnnotationsTab, "") self.securityOptionsTab = QtWidgets.QWidget() self.securityOptionsTab.setObjectName("securityOptionsTab") - self.gridLayout_7 = QtWidgets.QGridLayout(self.securityOptionsTab) - self.gridLayout_7.setObjectName("gridLayout_7") - self.label_21 = QtWidgets.QLabel(parent=self.securityOptionsTab) + self.verticalLayout_21 = QtWidgets.QVBoxLayout(self.securityOptionsTab) + self.verticalLayout_21.setObjectName("verticalLayout_21") + self.scrollArea_2 = QtWidgets.QScrollArea(parent=self.securityOptionsTab) + self.scrollArea_2.setWidgetResizable(True) + self.scrollArea_2.setObjectName("scrollArea_2") + self.scrollAreaWidgetContents_2 = QtWidgets.QWidget() + self.scrollAreaWidgetContents_2.setGeometry(QtCore.QRect(0, 0, 609, 691)) + self.scrollAreaWidgetContents_2.setObjectName("scrollAreaWidgetContents_2") + self.verticalLayout_13 = QtWidgets.QVBoxLayout(self.scrollAreaWidgetContents_2) + self.verticalLayout_13.setObjectName("verticalLayout_13") + self.gridLayout_12 = QtWidgets.QGridLayout() + self.gridLayout_12.setObjectName("gridLayout_12") + self.label_21 = QtWidgets.QLabel(parent=self.scrollAreaWidgetContents_2) self.label_21.setAlignment(QtCore.Qt.AlignmentFlag.AlignLeading|QtCore.Qt.AlignmentFlag.AlignLeft|QtCore.Qt.AlignmentFlag.AlignTop) self.label_21.setObjectName("label_21") - self.gridLayout_7.addWidget(self.label_21, 0, 0, 1, 1) - self.groupBox_11 = QtWidgets.QGroupBox(parent=self.securityOptionsTab) + self.gridLayout_12.addWidget(self.label_21, 0, 0, 1, 1) + self.tmpDirectoriesEdit = QtWidgets.QPlainTextEdit(parent=self.scrollAreaWidgetContents_2) + self.tmpDirectoriesEdit.setMaximumSize(QtCore.QSize(16777215, 200)) + self.tmpDirectoriesEdit.setObjectName("tmpDirectoriesEdit") + self.gridLayout_12.addWidget(self.tmpDirectoriesEdit, 0, 1, 1, 1) + self.label_22 = QtWidgets.QLabel(parent=self.scrollAreaWidgetContents_2) + self.label_22.setObjectName("label_22") + 
self.gridLayout_12.addWidget(self.label_22, 1, 0, 1, 1) + self.hashesEdit = QtWidgets.QLineEdit(parent=self.scrollAreaWidgetContents_2) + self.hashesEdit.setClearButtonEnabled(True) + self.hashesEdit.setObjectName("hashesEdit") + self.gridLayout_12.addWidget(self.hashesEdit, 1, 1, 1, 1) + self.label_23 = QtWidgets.QLabel(parent=self.scrollAreaWidgetContents_2) + self.label_23.setAlignment(QtCore.Qt.AlignmentFlag.AlignLeading|QtCore.Qt.AlignmentFlag.AlignLeft|QtCore.Qt.AlignmentFlag.AlignTop) + self.label_23.setObjectName("label_23") + self.gridLayout_12.addWidget(self.label_23, 2, 0, 1, 1) + self.insecureSslProtocolsEdit = QtWidgets.QPlainTextEdit(parent=self.scrollAreaWidgetContents_2) + self.insecureSslProtocolsEdit.setMaximumSize(QtCore.QSize(16777215, 200)) + self.insecureSslProtocolsEdit.setObjectName("insecureSslProtocolsEdit") + self.gridLayout_12.addWidget(self.insecureSslProtocolsEdit, 2, 1, 1, 1) + self.verticalLayout_13.addLayout(self.gridLayout_12) + self.groupBox_11 = QtWidgets.QGroupBox(parent=self.scrollAreaWidgetContents_2) self.groupBox_11.setObjectName("groupBox_11") self.verticalLayout_10 = QtWidgets.QVBoxLayout(self.groupBox_11) self.verticalLayout_10.setObjectName("verticalLayout_10") 
@@ -504,27 +534,31 @@ spacerItem13 = QtWidgets.QSpacerItem(40, 20, QtWidgets.QSizePolicy.Policy.Expanding, QtWidgets.QSizePolicy.Policy.Minimum) self.horizontalLayout_10.addItem(spacerItem13) self.verticalLayout_10.addWidget(self.groupBox_14) - self.gridLayout_7.addWidget(self.groupBox_11, 3, 0, 1, 2) - self.insecureSslProtocolsEdit = QtWidgets.QPlainTextEdit(parent=self.securityOptionsTab) - self.insecureSslProtocolsEdit.setObjectName("insecureSslProtocolsEdit") - self.gridLayout_7.addWidget(self.insecureSslProtocolsEdit, 2, 1, 1, 1) - self.label_23 = QtWidgets.QLabel(parent=self.securityOptionsTab) - self.label_23.setAlignment(QtCore.Qt.AlignmentFlag.AlignLeading|QtCore.Qt.AlignmentFlag.AlignLeft|QtCore.Qt.AlignmentFlag.AlignTop) - self.label_23.setObjectName("label_23") - self.gridLayout_7.addWidget(self.label_23, 2, 0, 1, 1) - self.label_22 = QtWidgets.QLabel(parent=self.securityOptionsTab) - self.label_22.setObjectName("label_22") - self.gridLayout_7.addWidget(self.label_22, 1, 0, 1, 1) - self.hashesEdit = QtWidgets.QLineEdit(parent=self.securityOptionsTab) - self.hashesEdit.setClearButtonEnabled(True) - self.hashesEdit.setObjectName("hashesEdit") - self.gridLayout_7.addWidget(self.hashesEdit, 1, 1, 1, 1) - self.typedExceptionsCheckBox = QtWidgets.QCheckBox(parent=self.securityOptionsTab) + self.verticalLayout_13.addWidget(self.groupBox_11) + self.typedExceptionsCheckBox = QtWidgets.QCheckBox(parent=self.scrollAreaWidgetContents_2) self.typedExceptionsCheckBox.setObjectName("typedExceptionsCheckBox") - self.gridLayout_7.addWidget(self.typedExceptionsCheckBox, 4, 0, 1, 2) - self.tmpDirectoriesEdit = QtWidgets.QPlainTextEdit(parent=self.securityOptionsTab) - self.tmpDirectoriesEdit.setObjectName("tmpDirectoriesEdit") - self.gridLayout_7.addWidget(self.tmpDirectoriesEdit, 0, 1, 1, 1) + self.verticalLayout_13.addWidget(self.typedExceptionsCheckBox) + self.groupBox_21 = QtWidgets.QGroupBox(parent=self.scrollAreaWidgetContents_2) + 
self.groupBox_21.setObjectName("groupBox_21") + self.gridLayout_7 = QtWidgets.QGridLayout(self.groupBox_21) + self.gridLayout_7.setObjectName("gridLayout_7") + self.label_39 = QtWidgets.QLabel(parent=self.groupBox_21) + self.label_39.setObjectName("label_39") + self.gridLayout_7.addWidget(self.label_39, 0, 0, 1, 1) + self.additionalMarkupNamesEdit = QtWidgets.QPlainTextEdit(parent=self.groupBox_21) + self.additionalMarkupNamesEdit.setMaximumSize(QtCore.QSize(16777215, 200)) + self.additionalMarkupNamesEdit.setObjectName("additionalMarkupNamesEdit") + self.gridLayout_7.addWidget(self.additionalMarkupNamesEdit, 0, 1, 1, 1) + self.label_40 = QtWidgets.QLabel(parent=self.groupBox_21) + self.label_40.setObjectName("label_40") + self.gridLayout_7.addWidget(self.label_40, 1, 0, 1, 1) + self.allowedEscapeFunctionsEdit = QtWidgets.QPlainTextEdit(parent=self.groupBox_21) + self.allowedEscapeFunctionsEdit.setMaximumSize(QtCore.QSize(16777215, 200)) + self.allowedEscapeFunctionsEdit.setObjectName("allowedEscapeFunctionsEdit") + self.gridLayout_7.addWidget(self.allowedEscapeFunctionsEdit, 1, 1, 1, 1) + self.verticalLayout_13.addWidget(self.groupBox_21) + self.scrollArea_2.setWidget(self.scrollAreaWidgetContents_2) + self.verticalLayout_21.addWidget(self.scrollArea_2) self.optionsTabWidget.addTab(self.securityOptionsTab, "") self.importOptionsTab = QtWidgets.QWidget() self.importOptionsTab.setObjectName("importOptionsTab") 
@@ -782,12 +816,12 @@ self.verticalLayout_8.addItem(spacerItem21) self.horizontalLayout_4.addLayout(self.verticalLayout_8) self.mainWidget.addTab(self.resultsTab, "") - self.verticalLayout_13.addWidget(self.mainWidget) + self.verticalLayout_22.addWidget(self.mainWidget) self.buttonBox = QtWidgets.QDialogButtonBox(parent=CodeStyleCheckerDialog) self.buttonBox.setOrientation(QtCore.Qt.Orientation.Horizontal) self.buttonBox.setStandardButtons(QtWidgets.QDialogButtonBox.StandardButton.Close) self.buttonBox.setObjectName("buttonBox") - self.verticalLayout_13.addWidget(self.buttonBox) + self.verticalLayout_22.addWidget(self.buttonBox) self.retranslateUi(CodeStyleCheckerDialog) self.mainWidget.setCurrentIndex(0) @@ -845,7 +879,8 @@ CodeStyleCheckerDialog.setTabOrder(self.typeIgnoreCheckBox, self.dispatchDecoratorEdit) CodeStyleCheckerDialog.setTabOrder(self.dispatchDecoratorEdit, self.overloadDecoratorEdit) CodeStyleCheckerDialog.setTabOrder(self.overloadDecoratorEdit, self.exemptedTypingSymbolsEdit) - CodeStyleCheckerDialog.setTabOrder(self.exemptedTypingSymbolsEdit, self.tmpDirectoriesEdit) + CodeStyleCheckerDialog.setTabOrder(self.exemptedTypingSymbolsEdit, self.scrollArea_2) + CodeStyleCheckerDialog.setTabOrder(self.scrollArea_2, self.tmpDirectoriesEdit) CodeStyleCheckerDialog.setTabOrder(self.tmpDirectoriesEdit, self.hashesEdit) CodeStyleCheckerDialog.setTabOrder(self.hashesEdit, self.insecureSslProtocolsEdit) CodeStyleCheckerDialog.setTabOrder(self.insecureSslProtocolsEdit, self.dsaHighRiskCombo) 
@@ -855,7 +890,9 @@ CodeStyleCheckerDialog.setTabOrder(self.rsaMediumRiskCombo, self.ecHighRiskCombo) CodeStyleCheckerDialog.setTabOrder(self.ecHighRiskCombo, self.ecMediumRiskCombo) CodeStyleCheckerDialog.setTabOrder(self.ecMediumRiskCombo, self.typedExceptionsCheckBox) - CodeStyleCheckerDialog.setTabOrder(self.typedExceptionsCheckBox, self.appPackagesEdit) + CodeStyleCheckerDialog.setTabOrder(self.typedExceptionsCheckBox, self.additionalMarkupNamesEdit) + CodeStyleCheckerDialog.setTabOrder(self.additionalMarkupNamesEdit, self.allowedEscapeFunctionsEdit) + CodeStyleCheckerDialog.setTabOrder(self.allowedEscapeFunctionsEdit, self.appPackagesEdit) CodeStyleCheckerDialog.setTabOrder(self.appPackagesEdit, self.bannedModulesEdit) CodeStyleCheckerDialog.setTabOrder(self.bannedModulesEdit, self.allowAllButton) CodeStyleCheckerDialog.setTabOrder(self.allowAllButton, self.banParentsButton) 
@@ -999,6 +1036,11 @@ self.exemptedTypingSymbolsEdit.setToolTip(_translate("CodeStyleCheckerDialog", "Enter deprecated symbols of the \'typing\' module exempted from PEP-585 checking separated by space")) self.optionsTabWidget.setTabText(self.optionsTabWidget.indexOf(self.typeAnnotationsTab), _translate("CodeStyleCheckerDialog", "Annotations")) self.label_21.setText(_translate("CodeStyleCheckerDialog", "Hardcoded \'tmp\' Directories:")) + self.tmpDirectoriesEdit.setToolTip(_translate("CodeStyleCheckerDialog", "Enter directory names (one per line) to be checked for")) + self.label_22.setText(_translate("CodeStyleCheckerDialog", "Insecure Hashes:")) + self.hashesEdit.setToolTip(_translate("CodeStyleCheckerDialog", "Enter a list of hash methods to be considered insecure separated by comma")) + self.label_23.setText(_translate("CodeStyleCheckerDialog", "Insecure SSL Protocols:")) + self.insecureSslProtocolsEdit.setToolTip(_translate("CodeStyleCheckerDialog", "Enter the names of insecure SSL protocols and methods (one per line)")) self.groupBox_11.setTitle(_translate("CodeStyleCheckerDialog", "Weak Cryptographic Keys")) self.groupBox_12.setTitle(_translate("CodeStyleCheckerDialog", "DSA")) self.label_24.setText(_translate("CodeStyleCheckerDialog", "High Risk:")) 
@@ -1015,13 +1057,13 @@ self.ecHighRiskCombo.setToolTip(_translate("CodeStyleCheckerDialog", "Select the bit length below which an Elliptic Curve is to be considered very weak")) self.label_29.setText(_translate("CodeStyleCheckerDialog", "Medium Risk:")) self.ecMediumRiskCombo.setToolTip(_translate("CodeStyleCheckerDialog", "Select the bit length below which an Elliptic Curve is to be considered weak")) - self.insecureSslProtocolsEdit.setToolTip(_translate("CodeStyleCheckerDialog", "Enter the names of insecure SSL protocols and methods (one per line)")) - self.label_23.setText(_translate("CodeStyleCheckerDialog", "Insecure SSL Protocols:")) - self.label_22.setText(_translate("CodeStyleCheckerDialog", "Insecure Hashes:")) - self.hashesEdit.setToolTip(_translate("CodeStyleCheckerDialog", "Enter a list of hash methods to be considered insecure separated by comma")) self.typedExceptionsCheckBox.setToolTip(_translate("CodeStyleCheckerDialog", "Select to also check for insecure exception handling for typed exceptions")) self.typedExceptionsCheckBox.setText(_translate("CodeStyleCheckerDialog", "Check Typed Exceptions")) - self.tmpDirectoriesEdit.setToolTip(_translate("CodeStyleCheckerDialog", "Enter directory names (one per line) to be checked for")) + self.groupBox_21.setTitle(_translate("CodeStyleCheckerDialog", "\'markupsafe\' XSS")) + self.label_39.setText(_translate("CodeStyleCheckerDialog", "Additional Markup Names:")) + self.additionalMarkupNamesEdit.setToolTip(_translate("CodeStyleCheckerDialog", "Enter the names (one per line) of additional markup functions")) + self.label_40.setText(_translate("CodeStyleCheckerDialog", "Allowed Calls:")) + self.allowedEscapeFunctionsEdit.setToolTip(_translate("CodeStyleCheckerDialog", "Enter names (one per line) of safe escape functions")) self.optionsTabWidget.setTabText(self.optionsTabWidget.indexOf(self.securityOptionsTab), _translate("CodeStyleCheckerDialog", "Security")) 
self.groupBox_15.setTitle(_translate("CodeStyleCheckerDialog", "Application Packages")) self.label_35.setText(_translate("CodeStyleCheckerDialog", "Enter top level application package names separated by a space character:"))