eric7.Plugins.CheckerPlugins.CodeStyleChecker.Security.Checks.djangoXssVulnerability
Module implementing checks for potential XSS vulnerability.
Global Attributes
Classes
Functions
| checkDjangoXssVulnerability | Function to check for potential XSS vulnerability. | 
| checkPotentialRisk | Function to check a given node for a potential XSS vulnerability. | 
| evaluateCall | Function to evaluate a call node for potential XSS vulnerability. | 
| evaluateVar | Function to evaluate a variable node for potential XSS vulnerability. | 
| getChecks | Public method to get a dictionary with checks handled by this module. | 
| transform2call | Function to transform a variable node to a call node. | 
DeepAssignation
    Class to perform a deep analysis of an assignment.
Derived from
None
Class Attributes
Class Methods
Methods
Static Methods
DeepAssignation (Constructor)
DeepAssignation(varName, ignoreNodes=None)
        Constructor
- varName (str): name of the variable
- ignoreNodes (list of ast.AST): list of nodes to ignore
DeepAssignation.isAssigned
isAssigned(node)
        Public method to check assignment against a given node.
- node (ast.AST): node to check against
- Return: flag indicating an assignment
- Return Type: bool
DeepAssignation.isAssignedIn
isAssignedIn(items)
        Public method to check if the variable is assigned to.
- items (list of ast.AST): list of nodes to check against
- Return: list of nodes assigned
- Return Type: list of ast.AST
checkDjangoXssVulnerability
checkDjangoXssVulnerability(reportError, context, config)
    Function to check for potential XSS vulnerability.
- reportError (func): function to be used to report errors
- context (SecurityContext): security context object
- config (dict): dictionary with configuration data
checkPotentialRisk
checkPotentialRisk(reportError, node)
    Function to check a given node for a potential XSS vulnerability.
- reportError (func): function to be used to report errors
- node (ast.Call): node to be checked
evaluateCall
evaluateCall(call, parent, ignoreNodes=None)
    Function to evaluate a call node for potential XSS vulnerability.
- call (ast.Call): call node to be checked
- parent (ast.AST): parent node
- ignoreNodes (list of ast.AST): list of nodes to ignore
- Return: flag indicating a secure evaluation
- Return Type: bool
evaluateVar
evaluateVar(xssVar, parent, until, ignoreNodes=None)
    Function to evaluate a variable node for potential XSS vulnerability.
- xssVar (ast.Name): variable node to be checked
- parent (ast.AST): parent node
- until (int): end line number to evaluate variable against
- ignoreNodes (list of ast.AST): list of nodes to ignore
- Return: flag indicating a secure evaluation
- Return Type: bool
getChecks
getChecks()
    Public method to get a dictionary with checks handled by this module.
- Return: dictionary containing checker lists containing checker function and list of codes
- Return Type: dict
transform2call
transform2call(var)
    Function to transform a variable node to a call node.
- var (ast.BinOp): variable node
- Return: call node
- Return Type: ast.Call