Merge pull request #2974 from majidmc2/master

Add file/python

file/python/python-scanner.yaml

@@ -0,0 +1,50 @@
+id: python-scanner
+
+info:
+  name: Python Scanner
+  author: majidmc2
+  severity: info
+  description: Scan for dangerous Python functions
+  reference:
+    - https://www.kevinlondon.com/2015/07/26/dangerous-python-functions.html
+    - https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html
+  tags: python,file,sast
+
+
+file:
+  - extensions:
+      - py
+
+    extractors:
+      - type: regex
+        name: Possible Code Injection
+        regex:
+          - 'exec'
+          - 'eval'
+          - '__import__'
+
+
+      - type: regex
+        name: Possible Command Injection
+        regex:
+          - 'subprocess.call\(.*shell=True.*\)'
+          - 'os.system'
+          - 'os.popen'
+
+
+      - type: regex
+        name: Possibly Unpickling untrusted source
+        regex:
+          - 'pickle.loads'
+          - 'cPickle.loads'
+
+
+      - type: regex
+        name: Possibly loading dangerous YAMLs
+        regex:
+          - 'yaml.load'
+
+      - type: regex
+        name: Possible SQLi
+        regex:
+          - 'cursor.execute'