How to use the dlint.linters.helpers.bad_kwarg_use.BadKwargUseLinter class in dlint

BadKwargUseLinter is a base class rather than a function: each concrete dlint rule subclasses it, sets a rule `_code` and `_error_tmpl`, and exposes a `kwargs` property listing the module path / keyword-argument patterns (matched with the `dlint.tree` kwarg helpers such as `kwarg_str`, `kwarg_not_present` and `kwarg_any`) that should be reported. The examples below, taken from dlint's own linters and test helpers, all follow that pattern; most are excerpts whose `kwargs` property is cut short.


Example 1 — duo-labs/dlint: tests/test_helpers/test_bad_kwarg_use.py
def get_bad_kwarg_use_implementation(kwargs):
    """Return a throwaway ``BadKwargUseLinter`` instance driven by ``kwargs``.

    The tests need a concrete linter whose ``kwargs`` specification they can
    pick per test case.  This builds a one-off subclass with a placeholder
    rule code/message and a ``kwargs`` property that hands back exactly the
    object passed in, then instantiates it.

    Args:
        kwargs: the value the instance's ``kwargs`` property should return
            (the list of kwarg specs the linter matches against).

    Returns:
        A fresh instance of a local ``BadKwargUseLinter`` subclass.
    """
    spec = kwargs

    class Cls(dlint.linters.helpers.bad_kwarg_use.BadKwargUseLinter):
        # Placeholder rule id/message; real linters use ids such as 'DUO123'.
        _code = 'DUOXXX'
        _error_tmpl = 'DUOXXX error message'

        # Expose the caller-supplied spec unchanged (closure over ``spec``).
        kwargs = property(lambda self: spec)

    return Cls()
Example 2 — duo-labs/dlint: dlint/linters/bad_itsdangerous_kwarg_use.py (excerpt; the kwargs property is truncated)
from __future__ import (
    absolute_import,
    division,
    print_function,
    unicode_literals,
)

import functools

from .helpers import bad_kwarg_use

from .. import tree


class BadItsDangerousKwargUseLinter(bad_kwarg_use.BadKwargUseLinter):
    """This linter looks for unsafe use of itsdangerous keyword arguments. These
    keyword arguments may indicate insecure signing is being performed.
    """
    off_by_default = False  # NOTE(review): name suggests the rule runs unless explicitly disabled — confirm in dlint's linter registry

    _code = 'DUO137'
    # Reported when a kwarg matches none_algorithm_predicate (defined in
    # ``kwargs`` below) — presumably an ``algorithm=`` value that performs no
    # signing at all, hence "empty signing"; confirm against the kwargs list.
    _error_tmpl = 'DUO137 insecure "itsdangerous" use allowing empty signing'

    @property
    def kwargs(self):
        def none_algorithm_predicate(call, kwarg_name):
            return tree.kwarg_any([
                functools.partial(
                    tree.kwarg_module_path_call,
                    call,
                    kwarg_name,
Example 3 — duo-labs/dlint: dlint/linters/bad_duo_client_use.py (excerpt; the kwargs property is truncated)
#!/usr/bin/env python

from __future__ import (
    absolute_import,
    division,
    print_function,
    unicode_literals,
)

from .helpers import bad_kwarg_use

from .. import tree


class BadDuoClientUseLinter(bad_kwarg_use.BadKwargUseLinter):
    """This linter looks for unsafe HTTP use when using the "duo_client" module.
    """
    off_by_default = False  # NOTE(review): name suggests the rule runs unless explicitly disabled — confirm in dlint's linter registry

    _code = 'DUO127'
    # Fires on the literal string values "HTTP" and "DISABLE" for ca_certs
    # (see http_or_disable in ``kwargs`` below) — presumably the duo_client
    # settings that skip TLS / certificate checks; confirm in duo_client docs.
    _error_tmpl = 'DUO127 use of "ca_certs=HTTP|DISABLE" is insecure in "duo_client" module'

    @property
    def kwargs(self):
        def http_or_disable(call, kwarg_name):
            return (
                tree.kwarg_str(call, kwarg_name, "HTTP")
                or tree.kwarg_str(call, kwarg_name, "DISABLE")
            )

        return [
Example 4 — duo-labs/dlint: dlint/linters/bad_xmlrpc_use.py (excerpt; the kwargs property is not shown)
#!/usr/bin/env python

from __future__ import (
    absolute_import,
    division,
    print_function,
    unicode_literals,
)

from .helpers import bad_kwarg_use

from .. import tree


class BadXmlrpcUseLinter(bad_kwarg_use.BadKwargUseLinter):
    """This linter looks for unsafe usage of the
    "SimpleXMLRPCServer.register_instance" function. Note that in Python 3
    this module is called "xmlrpc.server", but this linter still works because
    the attribute name is the same. Unsafe usage looks like:

        "Enabling the allow_dotted_names option allows intruders to access your
        module's global variables and may allow intruders to execute arbitrary
        code on your machine. Only use this option on a secure, closed network."

    https://docs.python.org/2/library/simplexmlrpcserver.html
    (Python 3 equivalent: https://docs.python.org/3/library/xmlrpc.server.html)
    """
    off_by_default = False  # NOTE(review): name suggests the rule runs unless explicitly disabled — confirm in dlint's linter registry

    _code = 'DUO124'
    # Only register_instance(..., allow_dotted_names=True) is reported; the
    # kwarg specification lives in the ``kwargs`` property (not shown here).
    _error_tmpl = 'DUO124 instance with "allow_dotted_names" enabled is insecure'
Example 5 — duo-labs/dlint: dlint/linters/bad_onelogin_kwarg_use.py (excerpt; the kwargs property is truncated)
from __future__ import (
    absolute_import,
    division,
    print_function,
    unicode_literals,
)

import functools

from .helpers import bad_kwarg_use

from .. import tree


class BadOneLoginKwargUseLinter(bad_kwarg_use.BadKwargUseLinter):
    """This linter looks for unsafe use of OneLogin SAML keyword arguments.
    These arguments may indicate weaknesses in SAML authentication support.
    """
    off_by_default = False  # NOTE(review): name suggests the rule runs unless explicitly disabled — confirm in dlint's linter registry

    _code = 'DUO128'
    # Matched via missing_or_string in ``kwargs`` below: a SAML setting is
    # flagged both when the kwarg is absent entirely (insecure default) and
    # when it is set to a specific string value.
    _error_tmpl = 'DUO128 insecure "OneLogin" SAML function call'

    @property
    def kwargs(self):
        def missing_or_string(s, call, kwarg_name):
            return (
                tree.kwarg_not_present(call, kwarg_name)
                or tree.kwarg_str(call, kwarg_name, s)
            )
Example 6 — duo-labs/dlint: dlint/linters/bad_subprocess_use.py (excerpt; the kwargs property is truncated)
#!/usr/bin/env python

from __future__ import (
    absolute_import,
    division,
    print_function,
    unicode_literals,
)

from .helpers import bad_kwarg_use

from .. import tree


class BadSubprocessUseLinter(bad_kwarg_use.BadKwargUseLinter):
    """This linter looks for use of the "shell=True" kwarg when using the
    "subprocess" module.

        "If the shell is invoked explicitly, via shell=True, it is the
        application's responsibility to ensure that all whitespace and
        metacharacters are quoted appropriately to avoid shell injection
        vulnerabilities."

    https://docs.python.org/3.6/library/subprocess.html#security-considerations
    """
    off_by_default = False  # NOTE(review): name suggests the rule runs unless explicitly disabled — confirm in dlint's linter registry

    _code = 'DUO116'
    # shell=True routes the command through a shell, so any attacker-controlled
    # fragment of the command string becomes a shell-injection vector (see the
    # docstring quote above); the kwarg spec itself is in ``kwargs`` below.
    _error_tmpl = 'DUO116 use of "shell=True" is insecure in "subprocess" module'

    @property
Example 7 — duo-labs/dlint: dlint/linters/bad_requests_use.py (excerpt; the kwargs property is truncated)
#!/usr/bin/env python

from __future__ import (
    absolute_import,
    division,
    print_function,
    unicode_literals,
)

from .helpers import bad_kwarg_use

from .. import tree


class BadRequestsUseLinter(bad_kwarg_use.BadKwargUseLinter):
    """This linter looks for use of the "verify=False" kwarg when using the
    "requests" module. SSL verification is good, use SSL verification.

    http://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification
    """
    off_by_default = False  # NOTE(review): name suggests the rule runs unless explicitly disabled — confirm in dlint's linter registry

    _code = 'DUO123'
    # verify=False disables TLS certificate verification for the request, so
    # the connection can be intercepted; ``kwargs`` below lists the
    # "requests.request"-style module paths whose "verify" kwarg is checked.
    _error_tmpl = 'DUO123 use of "verify=False" is insecure in "requests" module'

    @property
    def kwargs(self):
        return [
            {
                "module_path": "requests.request",
                "kwarg_name": "verify",
Example 8 — duo-labs/dlint: dlint/linters/bad_defusedxml_use.py (excerpt; the kwargs property is truncated)
#!/usr/bin/env python

from __future__ import (
    absolute_import,
    division,
    print_function,
    unicode_literals,
)

from .helpers import bad_kwarg_use

from .. import tree


class BadDefusedxmlUseLinter(bad_kwarg_use.BadKwargUseLinter):
    """This linter looks for lack of "defusedxml" parsing defenses. The
    "defusedxml" library offers "forbid_dtd", "forbid_entities", and
    "forbid_external" keyword arguments to prevent various XML attack
    vectors[1]. All defenses should be enabled.

    [1] https://pypi.org/project/defusedxml/
    """
    off_by_default = False  # NOTE(review): name suggests the rule runs unless explicitly disabled — confirm in dlint's linter registry

    _code = 'DUO135'
    # Per the docstring, a defusedxml parse call is reported unless every one
    # of forbid_dtd / forbid_entities / forbid_external is enabled; the exact
    # kwarg specs are in ``kwargs`` below (truncated in this excerpt).
    _error_tmpl = 'DUO135 enable all "forbid_*" defenses when using "defusedxml" parsing'

    @property
    def kwargs(self):
        return [
            {
Example 9 — duo-labs/dlint: dlint/linters/bad_urllib3_kwarg_use.py (excerpt; the kwargs property is truncated)
from __future__ import (
    absolute_import,
    division,
    print_function,
    unicode_literals,
)

import functools

from .helpers import bad_kwarg_use

from .. import tree


class BadUrllib3KwargUseLinter(bad_kwarg_use.BadKwargUseLinter):
    """This linter looks for unsafe use of urllib3 keyword arguments. These
    keyword arguments may indicate insecure connections are being performed.
    """
    off_by_default = False  # NOTE(review): name suggests the rule runs unless explicitly disabled — confirm in dlint's linter registry

    _code = 'DUO132'
    # Matched via unverified_cert_reqs in ``kwargs`` below — the cert_reqs
    # string values that urllib3.util.ssl_.resolve_cert_reqs treats as
    # "do not verify the peer certificate".
    _error_tmpl = 'DUO132 "urllib3" certificate verification disabled, insecure connections possible'

    @property
    def kwargs(self):
        # See 'urllib3.util.ssl_.resolve_cert_reqs' for more information
        def unverified_cert_reqs(call, kwarg_name):
            return tree.kwarg_any([
                functools.partial(
                    tree.kwarg_str,
                    call,