eric7.Plugins.CheckerPlugins.CodeStyleChecker.Security.Checks.djangoXssVulnerability

Module implementing checks for potential XSS vulnerability.

Global Attributes

None

Classes

DeepAssignation Class to perform a deep analysis of an assign.

Functions

checkDjangoXssVulnerability Function to check for potential XSS vulnerability.
checkPotentialRisk Function to check a given node for a potential XSS vulnerability.
evaluateCall Function to evaluate a call node for potential XSS vulnerability.
evaluateVar Function to evaluate a variable node for potential XSS vulnerability.
getChecks Public method to get a dictionary with checks handled by this module.
transform2call Function to transform a variable node to a call node.


DeepAssignation

Class to perform a deep analysis of an assign.

Derived from

None

Class Attributes

None

Class Methods

None

Methods

DeepAssignation Constructor
isAssigned Public method to check assignment against a given node.
isAssignedIn Public method to check if the variable is assigned to.

Static Methods

None

DeepAssignation (Constructor)

DeepAssignation(varName, ignoreNodes=None)

Constructor

varName (str)
name of the variable
ignoreNodes (list of ast.AST)
list of nodes to ignore

DeepAssignation.isAssigned

isAssigned(node)

Public method to check assignment against a given node.

node (ast.AST)
node to check against
Return:
flag indicating an assignment
Return Type:
bool

DeepAssignation.isAssignedIn

isAssignedIn(items)

Public method to check if the variable is assigned to.

items (list of ast.AST)
list of nodes to check against
Return:
list of nodes assigned
Return Type:
list of ast.AST


checkDjangoXssVulnerability

checkDjangoXssVulnerability(reportError, context, _config)

Function to check for potential XSS vulnerability.

reportError (func)
function to be used to report errors
context (SecurityContext)
security context object
_config (dict)
dictionary with configuration data (unused)


checkPotentialRisk

checkPotentialRisk(reportError, node)

Function to check a given node for a potential XSS vulnerability.

reportError (func)
function to be used to report errors
node (ast.Call)
node to be checked


evaluateCall

evaluateCall(call, parent, ignoreNodes=None)

Function to evaluate a call node for potential XSS vulnerability.

call (ast.Call)
call node to be checked
parent (ast.AST)
parent node
ignoreNodes (list of ast.AST)
list of nodes to ignore
Return:
flag indicating a secure evaluation
Return Type:
bool


evaluateVar

evaluateVar(xssVar, parent, until, ignoreNodes=None)

Function to evaluate a variable node for potential XSS vulnerability.

xssVar (ast.Name)
variable node to be checked
parent (ast.AST)
parent node
until (int)
end line number to evaluate variable against
ignoreNodes (list of ast.AST)
list of nodes to ignore
Return:
flag indicating a secure evaluation
Return Type:
bool


getChecks

getChecks()

Public method to get a dictionary with checks handled by this module.

Return:
dictionary of checker lists, each entry containing a checker function and a list of codes
Return Type:
dict


transform2call

transform2call(var)

Function to transform a variable node to a call node.

var (ast.BinOp)
variable node
Return:
call node
Return Type:
ast.Call