B 0zfq@sdZddlZddlZddlZddlZddlZddlmZmZm Z m Z m Z m Z m Z mZddlZejdkrvddlZejZnejZddlmZeddeddDd kZerddlZnddlZd Zd Zd Z d Z!d"ddgZ#dZ$d"ddgZ%dZ&dZ'dZ(d"ddgZ)dZ*dZ+dZ,dZ-dZ.dZ/dZ0d Z1d!Z2d"Z3d#d$Z4d%d&Z5e5Z6ej7eee ee eefe8d'd(d)Z9ej7e8d*d+d,Z:ej7e8d*d-d.Z;d/d0Zej7e8d*d5d6Z?ej7e8d*d7d8Z@ej7e8d*d9d:ZAejBejCejDejEejFejGiZHejIejJejKejLejMejNejOejPejQejRejSejTejUejVejWejXejYejZi Z[d;Z\dd?Z^Gd@dAdAej_Z`GdBdCdCZadS)Dz7Main file for the flake8_secure_coding_standard plugin.N)AnyAnyStrDict GeneratorListTupleTypeUnion)ccs|]}t|VqdS)N)int).0sr`/home/ankuromar296_gmail_com/.local/lib/python3.7/site-packages/flake8_secure_coding_standard.py $srflake8.)r r rizfSCS100 use of os.path.abspath() and os.path.relpath() should be avoided in favor of os.path.realpath()zLSCS101 `eval()` and `exec()` represent a security risk and should be avoidedz-SCS102 use of `os.system()` should be avoided zgSCS103 use of `shell=True` in subprocess functions or use of functions that internally set it should beZavoidedzPSCS104 use of `tempfile.mktemp()` should be avoided, prefer `tempfile.mkstemp()`zKSCS105 use of `yaml.load()` should be avoided, prefer `yaml.safe_load()` orz#`yaml.load(xxx, Loader=SafeLoader)`z5SCS106 use of `jsonpickle.decode()` should be avoidedzRSCS107 debugging code should not be present in production code (e.g. `import pdb`)zCSCS108 `assert` statements should not be present in production codezgSCS109 Use of builtin `open` for writing is discouraged in favor of `os.open` to allow for setting fileZ permissionszhSCS110 Use of `os.popen()` should be avoided, as it internally uses `subprocess.Popen` with `shell=True`zXSCS111 Use of `shlex.quote()` should be avoided on non-POSIX platforms (such as Windows)zCSCS112 Avoid using `os.open` with unsafe permissions (should be {})z7SCS113 Avoid using `pickle.load()` and `pickle.loads()`z9SCS114 Avoid using `marshal.load()` and `marshal.loads()`z"SCS115 Avoid using `shelve.open()`z[SCS116 Avoid using `os.mkdir` and `os.makedirs` with unsafe file permissions (should be {})zJSCS117 Avoid using `os.mkfifo` with unsafe file permissions (should be {})zISCS118 Avoid using `os.mknod` with unsafe file permissions (should be {})zWSCS119 Avoid using `os.chmod` with unsafe file permissions (W ^ X for group and others)c s dd|}dd|dD}t|dkryfdd|D}Wn4tk rz}ztd|d |Wd d }~XYnX|std |d |Sn|r|d ry|Stk r}z4|dkr|S|dkrd Std|d|d|Wd d }~XYnXntd|d|dd S)a Read an integer or list of integer configuration option. Args: name (str): Name of option value (str): Value of option from the configuration file or on the CLI. Its value can be any of: - 'yes', 'y', 'true' (case-insensitive) The maximum mode value is then set to self.DEFAULT_MAX_MODE - a single octal or decimal integer The maximum mode value is then set to that integer value - a comma-separated list of integers (octal or decimal) The allowed mode values are then those found in the list - anything else will count as a falseful value default (int,list): Default value for option if set to one of ('y', 'yes', 'true') in the configuration file or on the CLI Returns: A single integer or a (possibly empty) list of integers Raises: ValueError: if the value of the option is not valid cSs(y t|dStk r"t|SXdS)Nr )r ValueError)argrrr _str_to_intps z,_read_octal_mode_option.._str_to_intcSsg|] }|qSr)strip)r moderrr wsz+_read_octal_mode_option..,csg|]}|r|qSrr)r r)rrrr|szUnable to convert z elements to integers!NzCalculated empty value for `z`!r)yyestrue)nnofalsezInvalid value for `z`: !)lowersplitlenr)namevaluedefaultmodes allowed_modeserrorr)rr_read_octal_mode_optionXs* $,r-cCs tdkS)z6Return True if the current system is POSIX-compatible.)LinuxDarwin)platformsystemrrrr _is_posixsr2)nodemodulefunctionreturncCsLt|ttfs|f}t|jtjoJt|jjtjoJ|jjj|koJ|jj |kS)N) isinstancelisttuplefuncast Attributer(Nameidattr)r3r4r5rrr_is_function_calls r@)r3r6cCsxt|jtjovt|jjtjr,|jjjdkslt|jjtjov|jjjdkovt|jjjtjov|jjjjdkov|jjdkS)Noppathos)abspathrelpath)r7r:r;r<r(r=r>r?)r3rrr_is_os_path_callsrFcst|jtjr|jjdkrdt|jdkr~t|jdtjrBdSt|jdtr^|jdjt|jdtj r|jdj n4x2|j D](}|j dkrt|jtsdS|jjPqWt fdddDrdSd S) NopenrTrc3s|]}|kVqdS)Nr)r m)rrrrsz/_is_builtin_open_for_writing..awxF)r7r:r;r=r>r&args ast_Constantr(Strrkeywordsrany)r3keywordr)rr_is_builtin_open_for_writings$    rQcCsvd}d}t|j|kr"|j|}n(|jrJx |jD]}|jdkr0|j}Pq0W|rrt|tr`|j}nt|tjrr|j }|S)Nr) r&rKrNrr(r7rLr;Numr )r3args_idxrZ node_internrPrrr _get_mode_args     rTcCs$t||d}|dk r |r ||kSdS)N)rST)rT)r3r+rSrrrr_is_allowed_modes  rUcCst|jtjrt|jjtjs"dS|jjjdkr|jjdkrx4|jD]*}|j dkrDt|jt rDt |jjrDdSqDWt |j dkrt|j dt rt |j djrdS|jjdkrdS|jjjdkr|jjd ks|jjjd kr|jjd krdSdS) NF) subprocesssp)call check_call check_outputPopenrunshellTr ) getoutputgetstatusoutputasynciocreate_subprocess_shellloopsubprocess_shell)r7r:r;r<r(r=r>r?rNrrLboolr&rK)r3rPrrr_is_shell_true_calls  ". recCsRt|jtjr0t|jjtjr0|jjjdkr0dSt|jtjrN|jjdkrNdSdS)NpdbTZPdbF)r7r:r;r<r(r=r>)r3rrr _is_pdb_call s rgcCs@t|jtjr|jjdkrdSt|jtjr<|jjdkr)r3rrr_is_mktemp_calls  ricCs8d}d}t|jtjrt|jjtjr|jjjdkr|jjdkrJdS|jjdkrxF|jD]<}|j dkr`t|jtjr`|jj|krdS|jj|kr`dSq`Wt |j d kst|j d tjr|j d j|kst|j d tjr|j d jjdkr|j d j|krdSt|jtjr4|jjdkr4dSdS) N)Z BaseLoaderZ SafeLoader)LoaderZ UnsafeLoaderZ FullLoaderyaml)Z unsafe_loadZ full_loadTloadrjFr) r7r:r;r<r(r=r>r?rNrr&rK)r3Z _safe_loadersZ_unsafe_loadersrPrrr_is_yaml_unsafe_call)s,2    $ rn)S_ISUIDS_ISGIDS_ENFMTS_ISVTXS_IREADS_IWRITES_IEXECS_IRWXUS_IRUSRS_IWUSRS_IXUSRS_IRWXGS_IRGRPS_IWGRPS_IXGRPS_IRWXOS_IROTHS_IWOTHS_IXOTHcCst|tjr"|jtkr"tt|jSt|tjr^t|jtjr^|j tkr^|jjdkr^tt|j St|tj rt t |j t|jSt|tjrtt |j t|jt|jStdt|dS)z Extract the mode constant of a node. Args: node: an AST node Raises: ValueError: if a node is encountered that cannot be processed statz!Do not know how to process node: N)r7r;r=r>_chmod_known_mode_valuesgetattrrr<r(r?UnaryOp_unoptyperA_chmod_get_modeoperandBinOp_binopleftrightrdump)r3rrrrs         rcCstdkrdSyRd}t|jdkr4t|jd}n,|jr`x$|jD]}|jdkrBt|j}PqBWWntk rvdSX|dkrt dt |t j t j Bt jBt jB@SdS)NWindowsFrrz5Unable to extract `mode` argument from function call!)r0r1r&rKrrNrr(r RuntimeErrorrdrr|r}rr)r3r*rPrrr_chmod_has_wx_for_gos      rc@seZdZdZgZdZgZdZgZdZ gZ dZ e de dedediZddZed d Zd d d dZejd dddZejd dddZejd dddZejd dddZejd dddZd S)Visitorz!AST visitor class for the plugin.rHrGmkdirmkfifomknodcCs |j|S)zFormat a mode message.) __class__format_mode_msg)selfmsg_idrrr_format_mode_msgszVisitor._format_mode_msgcCs|t|d|j|dS)zFormat a mode message.os__modes_msg_arg)formatr mode_msg_map)clsrrrrrszVisitor.format_mode_msgN)r6cCsg|_i|_dS)zInitialize a Visitor object.N)errorsZ _from_imports)rrrr__init__szVisitor.__init__)r3r6cCst|r"|j|j|jtfnjt|rD|j|j|jtfnHt|rf|j|j|jt fn&t |dddr|j|j|jt fnt |dddr|j|j|jt fnt |r|j|j|jtfnt |dddr|j|j|jtfnt|r&|j|j|jtfnft|rJ|j|j|jtfnBt|jtjr|jjdkr|j|j|jtfn tst |dd dr|j|j|jtfnt |dd dr|jrt||jd d s|j|j|j|tfnt |d ddr(|j|j|jt fndt |dddrR|j|j|jt!fn:t |dd dr||j|j|jt"fnt |dddrt#|r|j|j|jt$fnt%rt |dddr|j&rt||j&dd s|j|j|j|t'fnt |dddrF|j(rFt||j(dd sF|j|j|j|t)fnFt |dddr|j*rt||j*dd s|j|j|j|t+f|,|dS)z)Visitor method called for ast.Call nodes.Z jsonpickledecode)r4r5rCr1popen)evalexecshlexquoterGrm)rSpickle)rlloadsmarshalshelvechmod)rmakedirsrrrN)-rgrappendlineno col_offsetSCS107riSCS104rnSCS105r@SCS106SCS102rFSCS100SCS110reSCS103rQSCS109r7r:r;r=r>SCS101r2SCS111os_open_modes_allowedrUrSCS112SCS113SCS114SCS115rSCS119_is_unixos_mkdir_modes_allowedSCS116os_mkfifo_modes_allowedSCS117os_mknod_modes_allowedSCS118 generic_visit)rr3rrr visit_Calls`   zVisitor.visit_CallcCs>x.|jD]$}|jdkr|j|j|jtfqW||dS)z+Visitor method called for ast.Import nodes.rfN)namesr'rrrrrr)rr3aliasrrr visit_Imports  zVisitor.visit_ImportcCsx|jD]}|jdkr$|jdks.|jdkrF|j|j|jtfq |jdkrr|jdkrr|j|j|jtfq |jdkr|jdkr|j|j|jt fq |jdkr|jdks|jd kr|jd kr|j|j|jt fq |jd kr|jd kr|j|j|jt fq |jd kr>|jd kr>|j|j|jt fq t sv|jdkrv|jdkrv|j|j|jtfq |jdkr|jdkr|j|j|jtfq |jdkr|jdkr|j|j|jtfq |jdkr |jdkr |j|j|jtfq W||dS)z/Visitor method called for ast.ImportFrom nodes.Nrftempfilerh)zos.pathrA)rErDrV)r^r_r`rarCr1rrrr)rlrrrrG)rr4r'rrrrrrrrrrr2rrrrr)rr3rrrrvisit_ImportFroms. zVisitor.visit_ImportFromcCsx|jD]}t|jtjrt|jr<|j|j|j t fqt |jdddr|t |j|j dds||j|j|j |tfqt |jdddr|j|j|j tfqWdS)z)Visitor method called for ast.With nodes.rCrG)r4r5rm)rSrN)itemsr7Z context_exprr;CallrQrrrrrr@rUrrrr)rr3itemrrr visit_WithTs  zVisitor.visit_WithcCs$|j|j|jtf||dS)z+Visitor method called for ast.Assert nodes.N)rrrrSCS108r)rr3rrr visit_AssertaszVisitor.visit_Assert) __name__ __module__ __qualname____doc__rZos_mkdir_modes_msg_argrZos_mkfifo_modes_msg_argrZos_mknod_modes_msg_argrZos_open_modes_msg_argrrrrrr classmethodrrr;rrImportr ImportFromrWithrAssertrrrrrrs* < 5 rc@seZdZdZeZeeZejdddZ e e j j jddddZe e j j jddd d Ze e j j jddd d Ze dd ddZeeeeeeefddfd ddZdS)Pluginz Plugin class.)treecCs ||_dS)zInitialize a Plugin object.N)_tree)rrrrrrmszPlugin.__init__N)option_managerr6c Csndtdddddfdtdddd dfd tddd d dfd tdddddff}tr^|||n |||dS)zAdd command line options.z--os-mkdir-modeTF os_mkdir_modezRIf provided, configure how 'mode' parameter of the os.mkdir() function are handled)rZparse_from_configr)desthelpz--os-mkfifo-modeos_mkfifo_modezSIf provided, configure how 'mode' parameter of the os.mkfifo() function are handledz--os-mknod-mode os_mknod_modezRIf provided, configure how 'mode' parameter of the os.mknod() function are handledz--os-open-mode os_open_modezQIf provided, configure how 'mode' parameter of the os.open() function are handledN)str _use_optparseadd_options_optparseadd_options_argparse)rr options_datarrr add_optionsqs6 zPlugin.add_optionscCs:dd}d|d}x"|D]\}}|j|f||qWdS)z(Add command line options using optparse.cSs t|j|jt|j|tdS)zOctal mode option callback.N)setattrvaluesrr-_DEFAULT_MAX_MODE)option_r(parserrrroctal_mode_option_callbacksz?Plugin.add_options_optparse..octal_mode_option_callbackcallback)actionrN) add_option)rrrrropt_strkwargsrrrrs zPlugin.add_options_optparsecCsBGdddtj}d|i}x"|D]\}}|j|f||q WdS)z(Add command line options using argparse.c@seZdZdZdddZdS)z4Plugin.add_options_argparse..OctalModeActionz$Action class for octal mode options.NcSst||jt|j|tdS)N)rrr-r)rr namespacer option_stringrrr__call__sz=Plugin.add_options_argparse..OctalModeAction.__call__)N)rrrrrrrrrOctalModeActionsrrN)argparseActionr)rrrrrrrrrrrszPlugin.add_options_argparse)r6cCs<dd}|d|j|d|j|d|j|d|jdS)zParse command line options.cSst|trT|dkrTttd|dttd|dttd|ddt|nT|rttd|d|ttd|dddd |Dnttd|ddS) NrrZ_modes_allowedrrz 0 < mode < zmode in cSsg|] }t|qSr)oct)r rrrrrszBPlugin.parse_options.._set_mode_option..) r7r rrr8rangerrclear)r'r*rrr_set_mode_options" &z.Plugin.parse_options.._set_mode_optionrrrrGN)rrrr)roptionsrrrr parse_optionss    zPlugin.parse_optionsccs>t}||jx&|jD]\}}}|||t|fVqWdS)zEntry point for flake8.N)rvisitrrr)rvisitorlinecolmsgrrrr\s z Plugin.run)rrrrr'importlib_metadataversionr;ASTrrrrmanagerZ OptionManagerrrrrrrr rrrr\rrrrrgs 2  r)brr;operatorr0rsystypingrrrrrrrr Zflake8.options.managerr version_infor  NameConstantrLConstantimportlib.metadatametadatar9r r%roptparserrrrrjoinrrrrrrrrrrrrrrrrrr-r2rrrdr@rFrQrTrUrergrirnUSubnegNotnot_InvertinvrAddaddSubsubMultmulDivtruedivFloorDivfloordivModmodBitXorxorBitOror_BitAndand_rrrr NodeVisitorrrrrrrs(  " <( 6 1