eric7.Plugins.CheckerPlugins.CodeStyleChecker.Security.Checks.djangoXssVulnerability

Module implementing checks for potential XSS vulnerability.

Global Attributes

Classes

Functions

DeepAssignation

Class to perform a deep analysis of an assign.

Derived from

Class Attributes

Class Methods

Methods

Static Methods

DeepAssignation (Constructor)

Constructor

varName (str)

name of the variable

ignoreNodes (list of ast.AST)

list of nodes to ignore

DeepAssignation.isAssigned

Public method to check assignment against a given node.

node (ast.AST)

node to check against

Return:

flag indicating an assignement

Return Type:

bool

DeepAssignation.isAssignedIn

Public method to check, if the variable is assigned to.

items (list of ast.AST)

list of nodes to check against

Return:

list of nodes assigned

Return Type:

list of ast.AST

checkDjangoXssVulnerability

checkPotentialRisk

Function to check a given node for a potential XSS vulnerability.

reportError (func)

function to be used to report errors

node (ast.Call)

node to be checked

evaluateCall

Function to evaluate a call node for potential XSS vulnerability.

call (ast.Call)

call node to be checked

parent (ast.AST)

parent node

ignoreNodes (list of ast.AST)

list of nodes to ignore

Return:

flag indicating a secure evaluation

Return Type:

bool

evaluateVar

Function to evaluate a variable node for potential XSS vulnerability.

xssVar (ast.Name)

variable node to be checked

parent (ast.AST)

parent node

until (int)

end line number to evaluate variable against

ignoreNodes (list of ast.AST)

list of nodes to ignore

Return:

flag indicating a secure evaluation

Return Type:

bool

getChecks

Public method to get a dictionary with checks handled by this module.

Return:

dictionary containing checker lists containing checker function and list of codes

Return Type:

dict

transform2call

Function to transform a variable node to a call node.

var (ast.BinOp)

variable node

Return:

call node

Return Type:

ast.Call