eric6.Plugins.CheckerPlugins.CodeStyleChecker.Security.Checks.djangoXssVulnerability

Module implementing checks for potential XSS vulnerability.

Global Attributes

None

Classes

Class to perform a deep analysis of an assign.

Functions

checkDjangoXssVulnerability	Function to check for potential XSS vulnerability.
checkPotentialRisk	Function to check a given node for a potential XSS vulnerability.
evaluateCall	Function to evaluate a call node for potential XSS vulnerability.
evaluateVar	Function to evaluate a variable node for potential XSS vulnerability.
getChecks	Public method to get a dictionary with checks handled by this module.
transform2call	Function to transform a variable node to a call node.

DeepAssignation

Class to perform a deep analysis of an assign.

Derived from

object

Class Attributes

None

Class Methods

None

Methods

DeepAssignation	Constructor
isAssigned	Public method to check assignment against a given node.
isAssignedIn	Public method to check, if the variable is assigned to.

Static Methods

None

DeepAssignation (Constructor)

DeepAssignation(varName, ignoreNodes=None)

Constructor

varName (str): name of the variable
ignoreNodes (list of ast.AST): list of nodes to ignore

DeepAssignation.isAssigned

isAssigned(node)

Public method to check assignment against a given node.

node (ast.AST): node to check against

Returns:: flag indicating an assignement

Return Type:: bool

DeepAssignation.isAssignedIn

isAssignedIn(items)

Public method to check, if the variable is assigned to.

items (list of ast.AST): list of nodes to check against

Returns:: list of nodes assigned

Return Type:: list of ast.AST

checkDjangoXssVulnerability

checkDjangoXssVulnerability(reportError, context, config)

Function to check for potential XSS vulnerability.

reportError (func): function to be used to report errors
context (SecurityContext): security context object
config (dict): dictionary with configuration data

checkPotentialRisk

checkPotentialRisk(reportError, node)

Function to check a given node for a potential XSS vulnerability.

reportError (func): function to be used to report errors
node (ast.Call): node to be checked

evaluateCall

evaluateCall(call, parent, ignoreNodes=None)

Function to evaluate a call node for potential XSS vulnerability.

call (ast.Call): call node to be checked
parent (ast.AST): parent node
ignoreNodes (list of ast.AST): list of nodes to ignore

Returns:: flag indicating a secure evaluation

Return Type:: bool

evaluateVar

evaluateVar(xssVar, parent, until, ignoreNodes=None)

Function to evaluate a variable node for potential XSS vulnerability.

xssVar (ast.Name): variable node to be checked
parent (ast.AST): parent node
until (int): end line number to evaluate variable against
ignoreNodes (list of ast.AST): list of nodes to ignore

Returns:: flag indicating a secure evaluation

Return Type:: bool

getChecks

getChecks()

Public method to get a dictionary with checks handled by this module.

Returns:: dictionary containing checker lists containing checker function and list of codes

Return Type:: dict

transform2call

transform2call(var)

Function to transform a variable node to a call node.

var (ast.BinOp): variable node

Returns:: call node

Return Type:: ast.Call

Home ⌂Doc Index ◂Up ▴