nuclei-templates/file/python/python-scanner.yaml

50 lines
977 B
YAML

id: python-scanner
info:
name: Python Scanner
author: majidmc2
severity: info
description: Indicators for dangerous Python functions
reference:
- https://www.kevinlondon.com/2015/07/26/dangerous-python-functions.html
- https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html
tags: python,file,sast
file:
- extensions:
- py
extractors:
- type: regex
name: code-injection
regex:
- 'exec'
- 'eval'
- '__import__'
- type: regex
name: command-injection
regex:
- 'subprocess.call\(.*shell=True.*\)'
- 'os.system'
- 'os.popen'
- type: regex
name: untrusted-source
regex:
- 'pickle.loads'
- 'cPickle.loads'
- type: regex
name: dangerous-yaml
regex:
- 'yaml.load'
- type: regex
name: sqli
regex:
- 'cursor.execute'