57 lines
1.3 KiB
YAML
57 lines
1.3 KiB
YAML
id: python-scanner
|
|
|
|
info:
|
|
name: Python Scanner
|
|
author: majidmc2
|
|
severity: info
|
|
description: Indicators for dangerous Python functions
|
|
reference:
|
|
- https://www.kevinlondon.com/2015/07/26/dangerous-python-functions.html
|
|
- https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html
|
|
tags: python,file,sast
|
|
|
|
file:
|
|
- extensions:
|
|
- py
|
|
|
|
extractors:
|
|
- type: regex
|
|
name: code-injection
|
|
regex:
|
|
- 'exec'
|
|
- 'eval'
|
|
- '__import__'
|
|
- 'execfile'
|
|
|
|
- type: regex
|
|
name: command-injection
|
|
regex:
|
|
- 'subprocess.call\(.*shell=True.*\)'
|
|
- 'os.system'
|
|
- 'os.popen\d?'
|
|
- 'subprocess.run'
|
|
- 'commands.getoutput'
|
|
|
|
- type: regex
|
|
name: untrusted-source
|
|
regex:
|
|
- 'pickle\.loads'
|
|
- 'c?Pickle\.loads?'
|
|
- 'marshal\.loads'
|
|
- 'pickle\.Unpickler'
|
|
|
|
- type: regex
|
|
name: dangerous-yaml
|
|
regex:
|
|
- 'yaml\.load'
|
|
- 'yaml\.safe_load'
|
|
|
|
- type: regex
|
|
name: sqli
|
|
regex:
|
|
- 'cursor\.execute'
|
|
- 'sqlite3\.execute'
|
|
- 'MySQLdb\.execute'
|
|
- 'psycopg2\.execute'
|
|
- 'cx_Oracle\.execute'
|