2021-10-24 13:18:44 +00:00
id : python-scanner
info :
name : Python Scanner
author : majidmc2
severity : info
2023-08-04 09:27:44 +00:00
description : Nuclei template to detect potentially dangerous Python functions in Python files. The template checks for functions that could lead to code injection, command injection, loading untrusted data, and SQL injection vulnerabilities.
2021-10-25 09:05:29 +00:00
reference :
- https://www.kevinlondon.com/2015/07/26/dangerous-python-functions.html
- https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html
2021-10-25 09:05:43 +00:00
tags : python,file,sast
2021-10-24 13:18:44 +00:00
file :
- extensions :
- py
extractors :
- type : regex
2021-10-25 10:33:46 +00:00
name : code-injection
2021-10-24 13:18:44 +00:00
regex :
- 'exec'
- 'eval'
- '__import__'
2023-08-04 09:27:44 +00:00
- 'execfile'
2023-08-04 11:20:30 +00:00
2021-10-24 13:18:44 +00:00
- type : regex
2021-10-25 10:33:46 +00:00
name : command-injection
2021-10-24 13:18:44 +00:00
regex :
- 'subprocess.call\(.*shell=True.*\)'
- 'os.system'
2023-08-04 09:27:44 +00:00
- 'os.popen\d?'
- 'subprocess.run'
- 'commands.getoutput'
2021-10-24 13:18:44 +00:00
- type : regex
2021-10-25 10:33:46 +00:00
name : untrusted-source
2021-10-24 13:18:44 +00:00
regex :
2023-08-04 09:27:44 +00:00
- 'pickle\.loads'
- 'c?Pickle\.loads?'
- 'marshal\.loads'
2023-08-04 09:29:31 +00:00
- 'pickle\.Unpickler'
2021-10-24 13:18:44 +00:00
- type : regex
2021-10-25 10:33:46 +00:00
name : dangerous-yaml
2021-10-24 13:18:44 +00:00
regex :
2023-08-04 09:27:44 +00:00
- 'yaml\.load'
- 'yaml\.safe_load'
2021-10-24 13:18:44 +00:00
- type : regex
2021-10-25 10:33:46 +00:00
name : sqli
2021-10-24 13:18:44 +00:00
regex :
2023-08-04 09:27:44 +00:00
- 'cursor\.execute'
- 'sqlite3\.execute'
- 'MySQLdb\.execute'
- 'psycopg2\.execute'
- 'cx_Oracle\.execute'