def get_bad_module_attribute_use_implementation(illegal_module_attributes):
    """Return a minimal linter instance that exposes the supplied attributes.

    A throwaway subclass of ``BadModuleAttributeUseLinter`` is defined on each
    call, with placeholder ``DUOXXX`` code and message, and an instance of it
    is returned. Its ``illegal_module_attributes`` property hands back exactly
    the object passed in here (no copy is made).

    NOTE(review): the placeholder code suggests this is a test fixture for the
    base linter rather than a shipped check; confirm against the callers.
    """
    linter_base = dlint.linters.helpers.bad_module_attribute_use.BadModuleAttributeUseLinter
    flagged = illegal_module_attributes

    class Cls(linter_base):
        # Placeholder identifiers; no real DUO code is assigned to this class.
        _error_tmpl = 'DUOXXX error message'
        _code = 'DUOXXX'

        @property
        def illegal_module_attributes(self):
            """Expose the mapping captured from the enclosing call."""
            return flagged

    instance = Cls()
    return instance
#!/usr/bin/env python
from __future__ import (
absolute_import,
division,
print_function,
unicode_literals,
)
from .helpers import bad_module_attribute_use
class BadSysUseLinter(bad_module_attribute_use.BadModuleAttributeUseLinter):
    """Flag unsafe use of the Python "sys" module.

    The listed functions allow an arbitrary function to be passed in that
    the interpreter will call at a later point in time. This could lead to
    arbitrary code execution.
    """
    # Per its name, False leaves this check enabled without opt-in
    # (presumably read by the linter framework; confirm against the base class).
    off_by_default = False

    # Identifier and message text for this check; how they are reported is
    # decided by the base class, which is not shown here.
    _code = 'DUO111'
    _error_tmpl = 'DUO111 insecure use of "sys" module'

    @property
    def illegal_module_attributes(self):
        """Return the module-name -> attribute-names mapping to flag."""
        # NOTE(review): this listing is cut off after 'setprofile'; any further
        # entries and the closing brackets are not shown on this page.
        return {
            'sys': [
                'call_tracing',
                'setprofile',
#!/usr/bin/env python
from __future__ import (
absolute_import,
division,
print_function,
unicode_literals,
)
from .helpers import bad_module_attribute_use
class BadPickleUseLinter(bad_module_attribute_use.BadModuleAttributeUseLinter):
    """Flag use of the Python "pickle" / "cPickle" modules.

    Pickle is not secure against erroneous or maliciously constructed data:
    unpickling input from an untrusted source can execute arbitrary code, so
    a finding here should be triaged by asking where the pickled bytes come
    from. The entries visible below are all deserialization entry points.
    """
    # Per its name, False leaves this check enabled without opt-in
    # (presumably read by the linter framework; confirm against the base class).
    off_by_default = False

    # Identifier and message text for this check.
    _code = 'DUO103'
    _error_tmpl = 'DUO103 insecure use of "pickle" or "cPickle"'

    @property
    def illegal_module_attributes(self):
        """Return the module-name -> attribute-names mapping to flag."""
        # NOTE(review): only the 'cPickle' entry is visible; the listing is cut
        # off before any further keys (the message also names "pickle") and
        # before the closing brace.
        return {
            'cPickle': [
                'loads',
                'load',
                'Unpickler',
            ],
#!/usr/bin/env python
from __future__ import (
absolute_import,
division,
print_function,
unicode_literals,
)
from .helpers import bad_module_attribute_use
class BadYAMLUseLinter(bad_module_attribute_use.BadModuleAttributeUseLinter):
    """Flag unsafe use of the Python "yaml" module.

    Its loading and dumping functions (dump, dump_all, load, load_all) should
    be avoided in favor of their safe_* equivalents. The load functions are
    the higher-risk half: with a non-safe Loader they can construct arbitrary
    Python objects from tagged input, whereas the safe_* variants are limited
    to standard YAML tags.
    """
    # Per its name, False leaves this check enabled without opt-in
    # (presumably read by the linter framework; confirm against the base class).
    off_by_default = False

    # Identifier and message text for this check.
    _code = 'DUO109'
    _error_tmpl = 'DUO109 insecure use of "yaml" parsing function, prefer "safe_*" equivalent'

    @property
    def illegal_module_attributes(self):
        """Return the module-name -> attribute-names mapping to flag."""
        # NOTE(review): this listing is cut off after 'load'; the 'load_all'
        # entry named in the class docstring and the closing brackets are not
        # shown on this page.
        return {
            'yaml': [
                'dump',
                'dump_all',
                'load',
#!/usr/bin/env python
from __future__ import (
absolute_import,
division,
print_function,
unicode_literals,
)
from .helpers import bad_module_attribute_use
class BadUrllib3ModuleAttributeUseLinter(bad_module_attribute_use.BadModuleAttributeUseLinter):
    """Flag unsafe use of urllib3 module attributes.

    These attributes may indicate insecure connections are being performed.
    Calling disable_warnings() does not itself weaken a connection; it
    silences urllib3's warnings, including the one emitted for unverified
    HTTPS requests, so disabled certificate verification can go unnoticed.
    A finding is therefore a prompt to check how verification is configured.
    """
    # Per its name, False leaves this check enabled without opt-in
    # (presumably read by the linter framework; confirm against the base class).
    off_by_default = False

    # Identifier and message text for this check.
    _code = 'DUO131'
    _error_tmpl = 'DUO131 "urllib3" warnings disabled, insecure connections possible'

    @property
    def illegal_module_attributes(self):
        """Return the module-name -> attribute-names mapping to flag."""
        # NOTE(review): the listing is cut off after the 'urllib3' entry; any
        # further keys and the closing brace are not shown on this page.
        return {
            'urllib3': [
                'disable_warnings',
            ],
#!/usr/bin/env python
from __future__ import (
absolute_import,
division,
print_function,
unicode_literals,
)
from .helpers import bad_module_attribute_use
class BadOneLoginModuleAttributeUseLinter(bad_module_attribute_use.BadModuleAttributeUseLinter):
    """Flag unsafe use of OneLogin SAML module attributes.

    These attributes may indicate weaknesses in SAML authentication support.
    The visible entries are algorithm constants: SHA-1 as a digest, SHA-1
    based RSA and DSA signatures, and Triple-DES in CBC mode. All of these
    are legacy choices for signing or encrypting SAML messages.
    """
    # Per its name, False leaves this check enabled without opt-in
    # (presumably read by the linter framework; confirm against the base class).
    off_by_default = False

    # Identifier and message text for this check.
    _code = 'DUO129'
    _error_tmpl = 'DUO129 insecure "OneLogin" SAML attribute use'

    @property
    def illegal_module_attributes(self):
        """Return the dotted-path -> attribute-names mapping to flag."""
        # The key is a dotted path ending in a class name rather than a module,
        # so the flagged names are attributes of that constants class.
        # NOTE(review): this listing is cut off after 'TRIPLEDES_CBC'; any
        # further entries and the closing brackets are not shown on this page.
        return {
            'onelogin.saml2.utils.OneLogin_Saml2_Constants': [
                'SHA1',
                'RSA_SHA1',
                'DSA_SHA1',
                'TRIPLEDES_CBC',
#!/usr/bin/env python
from __future__ import (
absolute_import,
division,
print_function,
unicode_literals,
)
from .helpers import bad_module_attribute_use
class BadOSUseLinter(bad_module_attribute_use.BadModuleAttributeUseLinter):
"""This linter looks for unsafe use of the Python "os" module. Use of
system|popen|popen2|popen3|popen4 allows for easy code execution bugs.
Further:
"Use of tempnam|tmpnam() is vulnerable to symlink attacks; consider
using tmpfile() (section File Object Creation) instead."
https://docs.python.org/2.7/library/os.html
"""
off_by_default = False
_code = 'DUO106'
_error_tmpl = 'DUO106 insecure use of "os" module'
@property
def illegal_module_attributes(self):