>/i>(SSKrSSKrSSKJr SSKJr "SS5rS SjrS SjrSr S r \R"S 5\R"S 5S 55r g)N)issue)test_propertiesc*\rSrSrSSjrSrSrSrg)DeepAssignation NcXlX lgN)var_name ignore_nodes)selfr r s S/home/james-whalen/.local/lib/python3.13/site-packages/bandit/plugins/django_xss.py__init__DeepAssignation.__init__ s  (c/nUH\nURU5nU(dM[U[[45(aUR U5 MKUR U5 M^ U$r ) is_assigned isinstancelisttupleextendappend)r itemsassignedast_inst new_assigneds r is_assigned_inDeepAssignation.is_assigned_insVH++H5L|lT5M::OOL1OOL1 rcF SnUR(aF[UR[[[45(a[XR5(aU$[U[ R 5(aURUR5nU$[U[ R5(aURRHLn[U[ R5(dM$URURR:XdMJUs $ URUR5nU$[U[ R 5(adUR"HRn[%UR&SS5nXPRR:XaUnM7URUR5nMT U$[U[ R(5(a/nUR+URUR55 UR+URUR,55 UR+URUR.55 UR+URUR055 U$[U[ R25(a./nUR+URUR55 U$[U[ R4[ R6[ R845(aX/nUR+URUR55 UR+URUR.55 U$[U[ R:5(ae[UR<[ R5(a:UR<RURR:Xa URnU$[U[ R>5(GaUR@(GaUR@Sn[U[ R5(a2URURR:Xa URnU$[U[ RB5(a[UR[ RB5(aZSnURDHHnURURR:XaURRDUn U$US- nMJ U$)NFidr)#r rrrobjectastExprrvalue FunctionDefargsNamerr rbodyWithrgetattr optional_varsTryrhandlersorelse finalbody ExceptHandlerIfForWhile AugAssigntargetAssigntargetsTupleelts)r nodernamewithitemvar_idr5poss r rDeepAssignation.is_assigneds   $++dE6-BCCd$5$566#O dCHH % %'' 3H\[coo . . dCHH--ww$--"2"22' ' **4995HNMchh ' ' JJ !7!7tD]]---#H#22499=H 'J?cgg & &H OOD// : ; OOD// > ? OOD// < = OOD//? @43c// 0 0H OOD// : ;.-svvsww : ; ;H OOD// : ; OOD// < =&%cmm , ,$++sxx00;;>>T]]%5%55#zzHcjj ) )dlll\\!_F&#((++99 0 00#zzHFCII..: CII44"KKDww$--"2"22#'::??3#71HC ( r)r r r )__name__ __module__ __qualname____firstlineno__rrr__static_attributes__rr rr s) 6rrcvSn[U[R5(Ga[U[R5(a9URRHnUR UR :XdM g [X5nURGHnURU:a U$URU5nU(dM1[U[R5(a#[UR[5(aSnMs[U[R5(a[XURU5nM[U[R5(a[!XU5nM[U["[$45(aSn UHn [U [R5(a&[U R[5(aU S- n MH[U [R5(a%[XURU5(aU S- n M O O U ['U5:XaSnGMSn U$Sn U$ U$)NFTrr )rr"r'r%r&argrrr(linenorConstantr$str evaluate_varCall evaluate_callrrlen) xss_varparentuntilr securer;analyserr:to num_securesome_tos r rKrKUs F'388$$ fcoo . . ((88wzz) )#79KKD{{e#B MA%%d+Brb#,,//Jrxx4M4M!FCHH--)"biiNFCHH--*2|DFT5M22!"J#%%gs||<<#MM3BB'!OJ'::+ 'l  !+a %!$&"SW,!%!& M#F MG F Mrc^SnSn[U[R5(a[UR[R5(ab[URR [R 5(a/URRS:XaSnUR(aSnU(Gav[UR5nSnUGHJn[U[R 5(a&[UR [5(aUS- nMI[U[R5(a%[XqURU5(aUS- nM O[U[R5(a[XqU5(aUS- nM O[U[R 5(af[UR [R"[R$45(a-UR'UR R(5 US- nGMK O U[+U5:HnU$)NFformatTrr )rr"rLfunc Attributer$rIattrkeywordsrr&rJr'rKrHrMStarredListr8rr9rN)callrPr rRevaluater&rUrGs r rMrMsx FH$!!jCMM&J&J tyy 5 5 (*H}} DII C#s||,,CIIs1K1Ka C**T[[,GG!OJC** l;;!OJC--* CHHcii033 CIINN+a '(s4y( Mrc[U[R5(Ga^[UR[R5n[UR [R 5=(a$ [UR R[5nU(aU(a[R"5n/Ul /Ul SUl URUl [R"5UlUR URlSURl[UR [R"5(aUR R$Ul U$UR /Ul U$ggg)NrX)rr"BinOpopModleftrIr$rJrLr&r\rHrZrYr[rightr8r9)varis_mod is_left_strnew_calls r transform2callrks#syy!!CFFCGG, 3<<8 Z HHNNC>  kxxzHHMHM $H !jjHOMMOHM"%((HMM !)HMM #))SYY// #  O"%  O"6 "rcSnURSnSn[U[R5(aURn[U[R [R 45(d=URn[U[R [R 45(dM=Sn[U[R 5(a;URRH!nURUR:XdMSn O U(d[X$UR5nGO[U[R5(aURn[U[R [R 45(d=URn[U[R [R 45(dM=[X$5nGO/[U[R5(Ga[UR[R5n[UR [R"5=(a$ [UR R$[&5nU(aU(aURn[U[R [R 45(d=URn[U[R [R 45(dM=[)U5n [X5nU(dK[*R,"[*R.[*R0[2R4R6US9$g)Nz$Potential XSS on mark_safe function.rFT)severity confidencecwetext)r&rr"r'_bandit_parentModuler%rGrrKrHrLrMrbrcrdrerIr$rJrkbanditIssueMEDIUMHIGHrCwe BASIC_XSS) r: descriptionrOrRrPis_paramr;rhrirjs r check_riskr{s*8KiilG F'388$$$$Vcjj#//%BCC**FVcjj#//%BCC fcoo . . ((88wzz)#H) !'4;;?F GSXX & &$$Vcjj#//%BCC**FVcjj#//%BCCw/ GSYY ' 'GJJ0 s||<  LL  B  k((F #**coo)FGG..!#**coo)FGG%g.H"84F ||]]{{ ##    rrLB703c4URS5(a/SQnURU;amURRSn[ U[ R 5(a[ UR[5(d[UR5$ggg)a**B703: Potential XSS on mark_safe function** :Example: .. code-block:: none >> Issue: [B703:django_mark_safe] Potential XSS on mark_safe function. Severity: Medium Confidence: High CWE: CWE-80 (https://cwe.mitre.org/data/definitions/80.html) Location: examples/mark_safe_insecure.py:159:4 More Info: https://bandit.readthedocs.io/en/latest/plugins/b703_django_mark_safe.html 158 str_arg = 'could be insecure' 159 safestring.mark_safe(str_arg) .. seealso:: - https://docs.djangoproject.com/en/dev/topics/security/#cross-site-scripting-xss-protection - https://docs.djangoproject.com/en/dev/ref/utils/#module-django.utils.safestring - https://docs.djangoproject.com/en/dev/ref/utils/#django.utils.html.format_html - https://cwe.mitre.org/data/definitions/80.html .. versionadded:: 1.5.0 .. versionchanged:: 1.7.3 CWE information added zdjango.utils.safestring) mark_safeSafeText SafeUnicode SafeString SafeBytesrN) is_module_imported_likecall_function_namer:r&rr"rIr$rJr{)contextaffected_functionsxsss r django_mark_safersB&&'@AA   % %); ;,,##A&C3 --*SYY2L2L!',,//3M <Brr )r"rs bandit.corerrtestrrKrMrkr{checkstest_idrrErr rse  /FFR,^%P,, ^Vf,0,0r