58 lines
1.4 KiB
YAML
58 lines
1.4 KiB
YAML
id: python-scanner
|
|
|
|
info:
|
|
name: Python Scanner
|
|
author: majidmc2
|
|
severity: info
|
|
description: Indicators for dangerous Python functions
|
|
reference:
|
|
- https://www.kevinlondon.com/2015/07/26/dangerous-python-functions.html
|
|
- https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html
|
|
tags: python,file,sast
|
|
file:
|
|
- extensions:
|
|
- py
|
|
|
|
extractors:
|
|
- type: regex
|
|
name: code-injection
|
|
regex:
|
|
- 'exec'
|
|
- 'eval'
|
|
- '__import__'
|
|
- 'execfile'
|
|
|
|
- type: regex
|
|
name: command-injection
|
|
regex:
|
|
- 'subprocess.call\(.*shell=True.*\)'
|
|
- 'os.system'
|
|
- 'os.popen\d?'
|
|
- 'subprocess.run'
|
|
- 'commands.getoutput'
|
|
|
|
- type: regex
|
|
name: untrusted-source
|
|
regex:
|
|
- 'pickle\.loads'
|
|
- 'c?Pickle\.loads?'
|
|
- 'marshal\.loads'
|
|
- 'pickle\.Unpickler'
|
|
|
|
- type: regex
|
|
name: dangerous-yaml
|
|
regex:
|
|
- 'yaml\.load'
|
|
- 'yaml\.safe_load'
|
|
|
|
- type: regex
|
|
name: sqli
|
|
regex:
|
|
- 'cursor\.execute'
|
|
- 'sqlite3\.execute'
|
|
- 'MySQLdb\.execute'
|
|
- 'psycopg2\.execute'
|
|
- 'cx_Oracle\.execute'
|
|
|
|
# digest: 4a0a00473045022100d5b183fba0418cf56693190a2b1b1112a53d5b2584f31c07241959a209caafac02200f7da04a1708afc23df42188fcae13c0efae39881a4179b4ecec77ce2e9843c7:922c64590222798bb761d5b6d8e72950
|