- Added new regex for code injection: 'execfile'. - Added new regex for command injection: 'subprocess.run', 'commands.getoutput'. Modified 'os.popen' regex for better detection. - Added new regex for untrusted source: 'marshal.loads', 'pickle.Unpickler'. - Modified 'dangerous-yaml' regex to include 'yaml.safe_load'. - Added new regex in 'sqli' for various database execute functions.
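# Nuclei file template: greps Python sources for calls that commonly lead to
# code injection, command injection, unsafe deserialization and SQL injection.
# Every match is a lead for manual review, not a confirmed finding: the
# patterns look at call names only and do not follow where arguments come from.
id: python-scanner

info:
  name: Python Scanner
  author: majidmc2
  severity: info
  description: >-
    Nuclei template to detect potentially dangerous Python functions in
    Python files. The template checks for functions that could lead to code
    injection, command injection, loading untrusted data, and SQL injection
    vulnerabilities.
  reference:
    - https://www.kevinlondon.com/2015/07/26/dangerous-python-functions.html
    - https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html
  tags: python,file,sast

file:
  - extensions:
      - py

    extractors:
      - type: regex
        name: code-injection
        regex:
          # Word boundaries keep 'exec'/'eval' from firing on identifiers such
          # as 'execute', 'executor', 'evaluate' or 'literal_eval', while the
          # Python 2 statement form `exec code` is still matched.
          - '\bexec\b'
          - '\beval\b'
          - '__import__'
          - 'execfile'

      - type: regex
        name: command-injection
        regex:
          # Dots are escaped so that '.' matches only the attribute separator,
          # as the other extractors in this template already do.
          - 'subprocess\.call\(.*shell=True.*\)'
          - 'os\.system'
          # \d? also covers the legacy popen2/popen3/popen4 variants.
          - 'os\.popen\d?'
          # Matches every subprocess.run call, with or without shell=True;
          # check the arguments during review.
          - 'subprocess\.run'
          - 'commands\.getoutput'

      - type: regex
        name: untrusted-source
        regex:
          # 's?' covers both the bytes API (loads) and the file API (load).
          - 'pickle\.loads?'
          - 'c?Pickle\.loads?'
          - 'marshal\.loads?'
          - 'pickle\.Unpickler'

      - type: regex
        name: dangerous-yaml
        regex:
          # 'yaml\.load' also matches load_all, and calls that pass an explicit
          # SafeLoader; confirm the Loader argument during review.
          - 'yaml\.load'
          # yaml.safe_load is intentionally not listed: it is the restricted
          # loader that the fix for a yaml.load finding switches to, so
          # reporting it under this name would bury the real results.
          - 'yaml\.unsafe_load'

      - type: regex
        name: sqli
        regex:
          # These match any execute call, including parameterized queries;
          # the reviewer has to check whether the SQL text is built from input.
          - 'cursor\.execute'
          - 'sqlite3\.execute'
          - 'MySQLdb\.execute'
          - 'psycopg2\.execute'
          - 'cx_Oracle\.execute'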