nuclei-templates/file/python/python-scanner.yaml

57 lines
1.3 KiB
YAML
Raw Normal View History

2021-10-24 13:18:44 +00:00
id: python-scanner
info:
name: Python Scanner
author: majidmc2
severity: info
2023-08-11 04:55:18 +00:00
description: Indicators for dangerous Python functions
2021-10-25 09:05:29 +00:00
reference:
- https://www.kevinlondon.com/2015/07/26/dangerous-python-functions.html
- https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html
2021-10-25 09:05:43 +00:00
tags: python,file,sast
2021-10-24 13:18:44 +00:00
file:
- extensions:
- py
extractors:
- type: regex
2021-10-25 10:33:46 +00:00
name: code-injection
2021-10-24 13:18:44 +00:00
regex:
- 'exec'
- 'eval'
- '__import__'
- 'execfile'
2023-08-04 11:20:30 +00:00
2021-10-24 13:18:44 +00:00
- type: regex
2021-10-25 10:33:46 +00:00
name: command-injection
2021-10-24 13:18:44 +00:00
regex:
- 'subprocess.call\(.*shell=True.*\)'
- 'os.system'
- 'os.popen\d?'
- 'subprocess.run'
- 'commands.getoutput'
2021-10-24 13:18:44 +00:00
- type: regex
2021-10-25 10:33:46 +00:00
name: untrusted-source
2021-10-24 13:18:44 +00:00
regex:
- 'pickle\.loads'
- 'c?Pickle\.loads?'
- 'marshal\.loads'
- 'pickle\.Unpickler'
2021-10-24 13:18:44 +00:00
- type: regex
2021-10-25 10:33:46 +00:00
name: dangerous-yaml
2021-10-24 13:18:44 +00:00
regex:
- 'yaml\.load'
- 'yaml\.safe_load'
2021-10-24 13:18:44 +00:00
- type: regex
2021-10-25 10:33:46 +00:00
name: sqli
2021-10-24 13:18:44 +00:00
regex:
- 'cursor\.execute'
- 'sqlite3\.execute'
- 'MySQLdb\.execute'
- 'psycopg2\.execute'
- 'cx_Oracle\.execute'