Home ⌂Doc Index ◂Up ▴

eric6.Plugins.CheckerPlugins.CodeStyleChecker.Security.Checks.djangoXssVulnerability

Module implementing checks for potential XSS vulnerability.

Global Attributes

None

Classes

DeepAssignation Class to perform a deep analysis of an assign.

Functions

checkDjangoXssVulnerability Function to check for potential XSS vulnerability.
checkPotentialRisk Function to check a given node for a potential XSS vulnerability.
evaluateCall Function to evaluate a call node for potential XSS vulnerability.
evaluateVar Function to evaluate a variable node for potential XSS vulnerability.
getChecks Public method to get a dictionary with checks handled by this module.
transform2call Function to transform a variable node to a call node.

DeepAssignation

Class to perform a deep analysis of an assign.

Derived from

object

Class Attributes

None

Class Methods

None

Methods

DeepAssignation Constructor
isAssigned Public method to check assignment against a given node.
isAssignedIn Public method to check, if the variable is assigned to.

Static Methods

None

DeepAssignation (Constructor)

DeepAssignation(varName, ignoreNodes=None)

Constructor

varName (str)
name of the variable
ignoreNodes (list of ast.AST)
list of nodes to ignore

DeepAssignation.isAssigned

isAssigned(node)

Public method to check assignment against a given node.

node (ast.AST)
node to check against
Returns:
flag indicating an assignement
Return Type:
bool

DeepAssignation.isAssignedIn

isAssignedIn(items)

Public method to check, if the variable is assigned to.

items (list of ast.AST)
list of nodes to check against
Returns:
list of nodes assigned
Return Type:
list of ast.AST
Up

checkDjangoXssVulnerability

checkDjangoXssVulnerability(reportError, context, config)

Function to check for potential XSS vulnerability.

reportError (func)
function to be used to report errors
context (SecurityContext)
security context object
config (dict)
dictionary with configuration data
Up

checkPotentialRisk

checkPotentialRisk(reportError, node)

Function to check a given node for a potential XSS vulnerability.

reportError (func)
function to be used to report errors
node (ast.Call)
node to be checked
Up

evaluateCall

evaluateCall(call, parent, ignoreNodes=None)

Function to evaluate a call node for potential XSS vulnerability.

call (ast.Call)
call node to be checked
parent (ast.AST)
parent node
ignoreNodes (list of ast.AST)
list of nodes to ignore
Returns:
flag indicating a secure evaluation
Return Type:
bool
Up

evaluateVar

evaluateVar(xssVar, parent, until, ignoreNodes=None)

Function to evaluate a variable node for potential XSS vulnerability.

xssVar (ast.Name)
variable node to be checked
parent (ast.AST)
parent node
until (int)
end line number to evaluate variable against
ignoreNodes (list of ast.AST)
list of nodes to ignore
Returns:
flag indicating a secure evaluation
Return Type:
bool
Up

getChecks

getChecks()

Public method to get a dictionary with checks handled by this module.

Returns:
dictionary containing checker lists containing checker function and list of codes
Return Type:
dict
Up

transform2call

transform2call(var)

Function to transform a variable node to a call node.

var (ast.BinOp)
variable node
Returns:
call node
Return Type:
ast.Call
Up


Home ⌂Doc Index ◂Up ▴