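id: python-scanner

info:
  name: Python Scanner
  author: majidmc2
  severity: info
  description: |
    Nuclei template to detect potentially dangerous Python functions in Python files.
    The template checks for functions that could lead to code injection, command
    injection, loading untrusted data, and SQL injection vulnerabilities.
    Every hit is a heuristic, not a confirmed vulnerability: each regex sees one
    source line at a time and cannot tell whether the argument is attacker-controlled,
    whether a safe loader is passed, or whether a query is parameterised. Triage
    each finding by hand.
  reference:
    - https://www.kevinlondon.com/2015/07/26/dangerous-python-functions.html
    - https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html
  tags: python,file,sast

file:
  - extensions:
      - py

    extractors:
      # Dynamic code execution. Each pattern is anchored on a word boundary and
      # the opening parenthesis so that identifiers such as `execute(`,
      # `evaluate(` or `retrieval` do not fire (the bare substrings `exec` and
      # `eval` matched every cursor.execute() line in the sqli category below).
      - type: regex
        name: code-injection
        regex:
          - '\bexec\s*\('
          - '\beval\s*\('
          - '\b__import__\s*\('
          - '\bexecfile\s*\('

      # Shell / process execution. The subprocess APIs are only flagged in their
      # shell=True form (the original matched subprocess.run unconditionally but
      # only shell=True subprocess.call); os.system, os.popen* and the Python 2
      # commands module always go through a shell. Calls split across several
      # lines are not matched because `.` does not cross a newline in RE2, and
      # `from subprocess import Popen` style imports are not covered.
      - type: regex
        name: command-injection
        regex:
          - '\bsubprocess\.(?:call|run|Popen|check_call|check_output)\s*\(.*shell\s*=\s*True'
          - '\bos\.system\s*\('
          - '\bos\.popen\d?\s*\('
          - '\bcommands\.get(?:status)?output\s*\('

      # Deserialisation of untrusted data: pickle, cPickle (Python 2) and marshal
      # execute code embedded in attacker-controlled bytes. Both load() and
      # loads() are matched; the original `pickle\.loads` missed pickle.load().
      - type: regex
        name: untrusted-source
        regex:
          - '\b(?:pickle|cPickle)\.loads?\s*\('
          - '\bmarshal\.loads?\s*\('
          - '\b(?:pickle|cPickle)\.Unpickler\s*\('

      # PyYAML: yaml.load() without an explicit safe Loader (the default in
      # PyYAML < 5.1) and the unsafe/full loaders can instantiate arbitrary
      # Python objects via language tags. yaml.safe_load() is the recommended
      # safe API and is deliberately NOT matched; the original template listed
      # it, which turned every safe call into a finding. A
      # yaml.load(..., Loader=SafeLoader) call still matches here and must be
      # dismissed during triage.
      - type: regex
        name: dangerous-yaml
        regex:
          - '\byaml\.(?:load|load_all|unsafe_load|unsafe_load_all|full_load|full_load_all)\s*\('

      # SQL built by f-string, %-formatting, concatenation or str.format inside
      # an execute* call. DB-API drivers expose execute() on cursor objects, so
      # the module-level forms the original looked for (`psycopg2.execute`,
      # `MySQLdb.execute`, `cx_Oracle.execute`, ...) never occur in real code,
      # while the bare `cursor\.execute` flagged every parameterised call too.
      # Matching on `.execute(` covers every driver; queries assembled into a
      # variable before the call are not detected.
      - type: regex
        name: sqli
        regex:
          - '\.execute(?:many|script)?\s*\(\s*f["'']'
          - '\.execute(?:many|script)?\s*\(\s*["''][^"'']*["'']\s*%'
          - '\.execute(?:many|script)?\s*\(\s*["''][^"'']*["'']\s*\+'
          - '\.execute(?:many|script)?\s*\([^)]*\.format\s*\('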