Add file/python

2021-10-24 16:48:44 +03:30 · 2021-10-24 16:48:44 +03:30 · 1eb3e16ea1
parent 5759e77e6c
commit 1eb3e16ea1
1 changed files with 49 additions and 0 deletions
--- a/file/python/python-scanner.yaml
+++ b/file/python/python-scanner.yaml
@ -0,0 +1,49 @@
+id: python-scanner
+
+info:
+  name: Python Scanner
+  author: majidmc2
+  severity: info
+  description: Scan for dangerous Python functions.
+  reference: https://www.kevinlondon.com/2015/07/26/dangerous-python-functions.html, https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html
+  tags: python,file
+
+
+file:
+  - extensions:
+      - py
+
+    extractors:
+      - type: regex
+        name: Possibility of SQLi vulnerability Code Injection
+        regex:
+          - 'exec'
+          - 'eval'
+          - '__import__'
+
+
+      - type: regex
+        name: The Command Injection Series
+        regex:
+          - 'subprocess.call\(.*shell=True.*\)'
+          - 'os.system'
+          - 'os.popen'
+
+
+      - type: regex
+        name: The pickle module is not secure
+        regex:
+          - 'pickle.loads'
+          - 'cPickle.loads'
+
+
+      - type: regex
+        name: Loading dangerous YAMLs
+        regex:
+          - 'yaml.load'
+
+
+      - type: regex
+        name: Possibility of SQLi vulnerability
+        regex:
+          - 'cursor.execute'