eric7.Plugins.CheckerPlugins.CodeStyleChecker.Security.Checks.injectionSql

Module implementing a check for SQL injection.

Global Attributes

SIMPLE_SQL_RE

Classes

None

Functions

_checkString                    Function to check a given string against the list of search patterns.
_evaluateAst                    Function to analyze the given ast node.
checkHardcodedSqlExpressions    Function to check for SQL injection.
getChecks                       Public method to get a dictionary with checks handled by this module.


_checkString

_checkString(data)

Function to check a given string against the list of search patterns.

data (str)
string data to be checked
Return:
flag indicating a match
Return Type:
bool


_evaluateAst

_evaluateAst(node)

Function to analyze the given ast node.

node (ast.Constant)
ast node to be analyzed
Return:
tuple containing a flag indicating an execute call, the resulting statement and a flag indicating a string replace call
Return Type:
tuple of (bool, str, bool)


checkHardcodedSqlExpressions

checkHardcodedSqlExpressions(reportError, context, _config)

Function to check for SQL injection.

reportError (func)
function to be used to report errors
context (SecurityContext)
security context object
_config (dict)
dictionary with configuration data (unused)
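
The kind of analysis these functions describe (match a string constant against SQL patterns, then inspect the surrounding AST for string building and an execute call) can be sketched as follows. This is an added example, not eric7's own code: the regular expression, the function name `find_dynamic_sql` and the sample input are assumptions, since the page does not show the value of SIMPLE_SQL_RE or the function bodies.

```python
import ast
import re

# Assumed pattern: the page names SIMPLE_SQL_RE but does not show its value.
SQL_LIKE_RE = re.compile(
    r"(select\s.*from\s|delete\s+from\s|insert\s+into\s.*values\s|update\s.*set\s)",
    re.IGNORECASE | re.DOTALL)

# Constructed sample input; it is only parsed, never executed.
SAMPLE = '''
cur.execute("SELECT * FROM users WHERE id = %s", (uid,))
cur.execute("SELECT * FROM users WHERE id = %s" % uid)
query = "DELETE FROM users WHERE name = '" + name + "'"
cur.execute(f"UPDATE users SET admin = 1 WHERE id = {uid}")
cur.execute("SELECT * FROM users WHERE id = {}".format(uid))
print("Please select one from the list: " + name)
'''


def find_dynamic_sql(source):
    """Return sorted (line, passed_to_execute) pairs for SQL-like strings built dynamically."""
    tree = ast.parse(source)
    parents = {c: p for p in ast.walk(tree) for c in ast.iter_child_nodes(p)}
    findings = set()
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Constant) and isinstance(node.value, str)):
            continue
        if not SQL_LIKE_RE.search(node.value):
            continue
        expr = parents.get(node)
        if isinstance(expr, ast.BinOp) and isinstance(expr.op, (ast.Add, ast.Mod)):
            while isinstance(parents.get(expr), ast.BinOp):  # outermost "+" / "%"
                expr = parents[expr]
        elif isinstance(expr, ast.Attribute) and expr.attr == "format":
            expr = parents.get(expr)  # the "...".format(...) call
        elif not (isinstance(expr, ast.JoinedStr) and any(
                isinstance(v, ast.FormattedValue) for v in expr.values)):
            continue  # plain literal, e.g. a parameterized query: not reported
        call = parents.get(expr)
        in_execute = (isinstance(call, ast.Call)
                      and isinstance(call.func, ast.Attribute)
                      and call.func.attr == "execute" and expr in call.args)
        findings.add((expr.lineno, in_execute))
    return sorted(findings)


if __name__ == "__main__":
    for line, in_execute in find_dynamic_sql(SAMPLE):
        print(line, "execute() argument" if in_execute else "string construction")
```

The parameterized query on sample line 2 is not reported, while the last sample line is reported even though it is not SQL, which shows the false-positive cost of matching on string content alone.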


getChecks

getChecks()

Public method to get a dictionary with checks handled by this module.

Return:
dictionary containing checker lists containing checker function and list of codes
Return Type:
dict