
Commit efc0cfb

authored
↪️ Merge pull request #200 from wchresta/180_add_shell_injection_sinks
Add fully qualified shell injection sinks.
2 parents 98a7b6b + 9d2a607 commit efc0cfb


1 file changed

+39
-8
lines changed

1 file changed

+39
-8
lines changed

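--- a/pyt/vulnerability_definitions/all_trigger_words.pyt
+++ b/pyt/vulnerability_definitions/all_trigger_words.pyt
@@ -30,18 +30,49 @@
 "'..' in"
 ]
 },
+"commands.getoutput(": {},
+"commands.getstatusoutput(": {},
 "execute(": {},
-"os.system(": {},
 "filter(": {},
-"subprocess.call(": {},
-"subprocess.Popen(": {},
-"render_template(": {},
-"set_cookie(": {},
-"redirect(": {},
-"url_for(": {},
 "flash(": {},
 "jsonify(": {},
+"os.execl(": {},
+"os.execle(": {},
+"os.execlp(": {},
+"os.execlpe(": {},
+"os.execv(": {},
+"os.execve(": {},
+"os.execvp(": {},
+"os.execvpe(": {},
+"os.popen(": {},
+"os.popen2(": {},
+"os.popen3(": {},
+"os.popen4(": {},
+"os.spawnl(": {},
+"os.spawnle(": {},
+"os.spawnlp(": {},
+"os.spawnlpe(": {},
+"os.spawnv(": {},
+"os.spawnve(": {},
+"os.spawnvp(": {},
+"os.spawnvpe(": {},
+"os.startfile(": {},
+"os.system(": {},
+"popen2.Popen3(": {},
+"popen2.Popen4(": {},
+"popen2.popen2(": {},
+"popen2.popen3(": {},
+"popen2.popen4(": {},
+"redirect(": {},
 "render(": {},
-"render_to_response(": {}
+"render_template(": {},
+"render_to_response(": {},
+"set_cookie(": {},
+"subprocess.Popen(": {},
+"subprocess.call(": {},
+"subprocess.check_call(": {},
+"subprocess.check_output(": {},
+"subprocess.run(": {},
+"url_for(": {}
 }
 }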
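Review bot: The new sink list covers the Python 2 `commands.getoutput(` and `commands.getstatusoutput(` but not their Python 3 successors in `subprocess`, which also hand the whole string to a shell. To close that gap, add `"subprocess.getoutput(": {},` and `"subprocess.getstatusoutput(": {},` between `"subprocess.check_output(": {},` and `"subprocess.run(": {},`. Because every added entry is fully qualified, code that uses `from subprocess import Popen` or `import subprocess as sp` is presumably only flagged if the analyser resolves the call to its qualified name before matching. That resolution is not visible in this diff, so a test case with an aliased import would be worth adding. The enclosing JSON object starts before the hunk.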
