Skip to content

Latest commit

 

History

History
48 lines (32 loc) · 1.34 KB

B609.md

File metadata and controls

48 lines (32 loc) · 1.34 KB

Pattern: Possible wildcard injection

Issue: -

Description

Python provides a number of methods that emulate the behavior of standard Linux command line utilities. Like their Linux counterparts, these commands may take a wildcard * character in place of a file system path. This is interpreted to mean "any and all files or folders" and can be used to build partially qualified paths, such as /home/user/*.

The use of partially qualified paths may result in unintended consequences if an unexpected file or symlink is placed into the path location given. This becomes particularly dangerous when combined with commands used to manipulate file permissions or copy data off of a system.

This rule looks for usage of the following commands in conjunction with wild card parameters:

  • chown
  • chmod
  • tar
  • rsync

As well as any method configured in the shell or subprocess injection test configurations.

Example of insecure code:

import os as o
import subprocess as subp

o.popen2('/bin/chmod *')

Example of secure code:

import os as o
import subprocess as subp

subp.Popen(['/bin/chown', '*'])

Further Reading