def get_bad_kwarg_use_implementation(kwargs):
    """Return a throwaway ``BadKwargUseLinter`` bound to ``kwargs``.

    The returned instance reports the placeholder code ``DUOXXX`` and
    exposes the supplied ``kwargs`` specification through its ``kwargs``
    property, which is what the base linter reads to decide what to flag.
    """
    spec = kwargs

    class Cls(dlint.linters.helpers.bad_kwarg_use.BadKwargUseLinter):
        _code = 'DUOXXX'
        _error_tmpl = 'DUOXXX error message'

        @property
        def kwargs(self):
            # Hand back the specification captured by the enclosing call.
            return spec

    return Cls()
from __future__ import (
absolute_import,
division,
print_function,
unicode_literals,
)
import functools
from .helpers import bad_kwarg_use
from .. import tree
class BadItsDangerousKwargUseLinter(bad_kwarg_use.BadKwargUseLinter):
"""This linter looks for unsafe use of itsdangerous keyword arguments. These
keyword arguments may indicate insecure signing is being performed.
"""
off_by_default = False
_code = 'DUO137'
_error_tmpl = 'DUO137 insecure "itsdangerous" use allowing empty signing'
@property
def kwargs(self):
def none_algorithm_predicate(call, kwarg_name):
return tree.kwarg_any([
functools.partial(
tree.kwarg_module_path_call,
call,
kwarg_name,
#!/usr/bin/env python
from __future__ import (
absolute_import,
division,
print_function,
unicode_literals,
)
from .helpers import bad_kwarg_use
from .. import tree
class BadDuoClientUseLinter(bad_kwarg_use.BadKwargUseLinter):
"""This linter looks for unsafe HTTP use when using the "duo_client" module.
"""
off_by_default = False
_code = 'DUO127'
_error_tmpl = 'DUO127 use of "ca_certs=HTTP|DISABLE" is insecure in "duo_client" module'
@property
def kwargs(self):
def http_or_disable(call, kwarg_name):
    """True if ``kwarg_name`` on ``call`` is the literal "HTTP" or "DISABLE".

    Both values are reported as insecure ``ca_certs`` settings for
    ``duo_client``, so either one counts as a match.
    """
    matched_http = tree.kwarg_str(call, kwarg_name, "HTTP")
    return matched_http or tree.kwarg_str(call, kwarg_name, "DISABLE")
return [
#!/usr/bin/env python
from __future__ import (
absolute_import,
division,
print_function,
unicode_literals,
)
from .helpers import bad_kwarg_use
from .. import tree
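class BadXmlrpcUseLinter(bad_kwarg_use.BadKwargUseLinter):
    """This linter looks for unsafe usage of the
    "SimpleXMLRPCServer.register_instance" function. Note that in Python 3
    this module is called "xmlrpc.server", but this linter still works because
    the attribute name is the same. Unsafe usage looks like:

    "Enabling the allow_dotted_names option allows intruders to access your
    module's global variables and may allow intruders to execute arbitrary
    code on your machine. Only use this option on a secure, closed network."

    https://docs.python.org/2/library/simplexmlrpcserver.html
    """
    # Enabled without opt-in, like the other DUO kwarg linters in this package.
    off_by_default = False
    # Rule identifier; the message template below repeats it for the report.
    _code = 'DUO124'
    _error_tmpl = 'DUO124 instance with "allow_dotted_names" enabled is insecure'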
from __future__ import (
absolute_import,
division,
print_function,
unicode_literals,
)
import functools
from .helpers import bad_kwarg_use
from .. import tree
class BadOneLoginKwargUseLinter(bad_kwarg_use.BadKwargUseLinter):
"""This linter looks for unsafe use of OneLogin SAML keyword arguments.
These arguments may indicate weaknesses in SAML authentication support.
"""
off_by_default = False
_code = 'DUO128'
_error_tmpl = 'DUO128 insecure "OneLogin" SAML function call'
@property
def kwargs(self):
def missing_or_string(s, call, kwarg_name):
    """True when ``kwarg_name`` is absent from ``call`` or is the string ``s``.

    An omitted argument is treated exactly like an explicit ``s`` — presumably
    because the library default is the value being flagged; confirm against
    the OneLogin API before relying on that. ``s`` comes first so the
    predicate can be bound with ``functools.partial``.
    """
    absent = tree.kwarg_not_present(call, kwarg_name)
    return absent or tree.kwarg_str(call, kwarg_name, s)
#!/usr/bin/env python
from __future__ import (
absolute_import,
division,
print_function,
unicode_literals,
)
from .helpers import bad_kwarg_use
from .. import tree
class BadSubprocessUseLinter(bad_kwarg_use.BadKwargUseLinter):
"""This linter looks for use of the "shell=True" kwarg when using the
"subprocess" module.
"If the shell is invoked explicitly, via shell=True, it is the
application's responsibility to ensure that all whitespace and
metacharacters are quoted appropriately to avoid shell injection
vulnerabilities."
https://docs.python.org/3.6/library/subprocess.html#security-considerations
"""
off_by_default = False
_code = 'DUO116'
_error_tmpl = 'DUO116 use of "shell=True" is insecure in "subprocess" module'
@property
#!/usr/bin/env python
from __future__ import (
absolute_import,
division,
print_function,
unicode_literals,
)
from .helpers import bad_kwarg_use
from .. import tree
class BadRequestsUseLinter(bad_kwarg_use.BadKwargUseLinter):
"""This linter looks for use of the "verify=False" kwarg when using the
"requests" module. SSL verification is good, use SSL verification.
http://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification
"""
off_by_default = False
_code = 'DUO123'
_error_tmpl = 'DUO123 use of "verify=False" is insecure in "requests" module'
@property
def kwargs(self):
return [
{
"module_path": "requests.request",
"kwarg_name": "verify",
#!/usr/bin/env python
from __future__ import (
absolute_import,
division,
print_function,
unicode_literals,
)
from .helpers import bad_kwarg_use
from .. import tree
class BadDefusedxmlUseLinter(bad_kwarg_use.BadKwargUseLinter):
"""This linter looks for lack of "defusedxml" parsing defenses. The
"defusedxml" library offers "forbid_dtd", "forbid_entities", and
"forbid_external" keyword arguments to prevent various XML attack
vectors[1]. All defenses should be enabled.
[1] https://pypi.org/project/defusedxml/
"""
off_by_default = False
_code = 'DUO135'
_error_tmpl = 'DUO135 enable all "forbid_*" defenses when using "defusedxml" parsing'
@property
def kwargs(self):
return [
{
from __future__ import (
absolute_import,
division,
print_function,
unicode_literals,
)
import functools
from .helpers import bad_kwarg_use
from .. import tree
class BadUrllib3KwargUseLinter(bad_kwarg_use.BadKwargUseLinter):
"""This linter looks for unsafe use of urllib3 keyword arguments. These
keyword arguments may indicate insecure connections are being performed.
"""
off_by_default = False
_code = 'DUO132'
_error_tmpl = 'DUO132 "urllib3" certificate verification disabled, insecure connections possible'
@property
def kwargs(self):
# See 'urllib3.util.ssl_.resolve_cert_reqs' for more information
def unverified_cert_reqs(call, kwarg_name):
return tree.kwarg_any([
functools.partial(
tree.kwarg_str,
call,