2021-10-24 16:48:44 +03:30
|
|
|
id: python-scanner
|
|
|
|
|
|
|
|
|
|
info:
|
|
|
|
|
name: Python Scanner
|
|
|
|
|
author: majidmc2
|
|
|
|
|
severity: info
|
2021-10-25 16:03:46 +05:30
|
|
|
description: Indicators for dangerous Python functions
|
2021-10-25 14:35:29 +05:30
|
|
|
reference:
|
|
|
|
|
- https://www.kevinlondon.com/2015/07/26/dangerous-python-functions.html
|
|
|
|
|
- https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html
|
2021-10-25 14:35:43 +05:30
|
|
|
tags: python,file,sast
|
2021-10-24 16:48:44 +03:30
|
|
|
|
|
|
|
|
file:
|
|
|
|
|
- extensions:
|
|
|
|
|
- py
|
|
|
|
|
|
|
|
|
|
extractors:
|
|
|
|
|
- type: regex
|
2021-10-25 16:03:46 +05:30
|
|
|
name: code-injection
|
2021-10-24 16:48:44 +03:30
|
|
|
regex:
|
|
|
|
|
- 'exec'
|
|
|
|
|
- 'eval'
|
|
|
|
|
- '__import__'
|
|
|
|
|
|
|
|
|
|
- type: regex
|
2021-10-25 16:03:46 +05:30
|
|
|
name: command-injection
|
2021-10-24 16:48:44 +03:30
|
|
|
regex:
|
|
|
|
|
- 'subprocess.call\(.*shell=True.*\)'
|
|
|
|
|
- 'os.system'
|
|
|
|
|
- 'os.popen'
|
|
|
|
|
|
|
|
|
|
- type: regex
|
2021-10-25 16:03:46 +05:30
|
|
|
name: untrusted-source
|
2021-10-24 16:48:44 +03:30
|
|
|
regex:
|
|
|
|
|
- 'pickle.loads'
|
|
|
|
|
- 'cPickle.loads'
|
|
|
|
|
|
|
|
|
|
- type: regex
|
2021-10-25 16:03:46 +05:30
|
|
|
name: dangerous-yaml
|
2021-10-24 16:48:44 +03:30
|
|
|
regex:
|
|
|
|
|
- 'yaml.load'
|
|
|
|
|
|
|
|
|
|
- type: regex
|
2021-10-25 16:03:46 +05:30
|
|
|
name: sqli
|
2021-10-24 16:48:44 +03:30
|
|
|
regex:
|
2021-10-25 16:03:46 +05:30
|
|
|
- 'cursor.execute'
|
