Merge pull request #2974 from majidmc2/master

Add file/python
2021-10-25 15:21:02 +05:30 · 2021-10-25 15:21:02 +05:30 · de3365c34c
parent 9e16035488 a6ab5dd771
commit de3365c34c
1 changed files with 50 additions and 0 deletions
--- a/file/python/python-scanner.yaml
+++ b/file/python/python-scanner.yaml
@ -0,0 +1,50 @@
+id: python-scanner
+
+info:
+  name: Python Scanner
+  author: majidmc2
+  severity: info
+  description: Scan for dangerous Python functions
+  reference:
+    - https://www.kevinlondon.com/2015/07/26/dangerous-python-functions.html
+    - https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html
+  tags: python,file,sast
+
+
+file:
+  - extensions:
+      - py
+
+    extractors:
+      - type: regex
+        name: Possible Code Injection
+        regex:
+          - 'exec'
+          - 'eval'
+          - '__import__'
+
+
+      - type: regex
+        name: Possible Command Injection
+        regex:
+          - 'subprocess.call\(.*shell=True.*\)'
+          - 'os.system'
+          - 'os.popen'
+
+
+      - type: regex
+        name: Possibly Unpickling untrusted source
+        regex:
+          - 'pickle.loads'
+          - 'cPickle.loads'
+
+
+      - type: regex
+        name: Possibly loading dangerous YAMLs
+        regex:
+          - 'yaml.load'
+
+      - type: regex
+        name: Possible SQLi
+        regex:
+          - 'cursor.execute'