python

package
Published: Apr 14, 2025 License: MIT Imports: 5 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// AwsLambdaSqlInjection flags SQL statements that are built from data taken
// out of the Lambda event object. The element type is inferred from the
// literal, so the declaration reads the same as the other analyzers here.
var AwsLambdaSqlInjection = &analysis.Analyzer{
	// Name is the rule identifier shown in findings.
	Name: "aws-lambda-sqli",
	// Python is the only language this checker targets.
	Language: analysis.LangPy,
	// Description is the user-facing explanation and remediation; it is
	// emitted verbatim, so it must stay byte-identical.
	Description: "An SQL statement in the code is using data from the event object, which could lead to SQL injection if the input is user-controlled and not properly sanitized. To prevent this vulnerability, it's recommended to use parameterized queries or prepared statements.",
	Category:    analysis.CategorySecurity,
	Severity:    analysis.SeverityWarning,
	// Run is the checker callback; checkAwsLambdaSqlInjection is unexported
	// and defined elsewhere in this package.
	Run: checkAwsLambdaSqlInjection,
}
// CsvWriterInjection reports CSV output written with the standard csv module
// from user-controlled input, where cell contents can be interpreted as
// spreadsheet formulas (CSV/formula injection).
var CsvWriterInjection = &analysis.Analyzer{
	// Rule identifier shown in findings.
	Name: "csv-writer-injection",
	// Python-only checker.
	Language: analysis.LangPy,
	// User-facing message; emitted verbatim, keep byte-identical.
	Description: "Using the built-in csv module with user input can allow attackers to inject malicious formulas into CSV files. When opened in a spreadsheet, these formulas may execute scripts that steal data or install malware. To mitigate this risk, use defusedcsv, a drop-in replacement that helps prevent formula injection.",
	Category:    analysis.CategorySecurity,
	// Warning rather than Error: the impact depends on where the file is opened.
	Severity: analysis.SeverityWarning,
	// Checker callback, defined elsewhere in this package.
	Run: checkCsvWriterInjection,
}
// DangerousCreateExec reports tainted data flowing into
// `create_subprocess_exec`.
//
// NOTE(review): asyncio's create_subprocess_exec does not go through a shell,
// so the exposure is control over the program or its arguments (argument
// injection) rather than shell-metacharacter injection; the Description's
// "Command Injection" wording could say so to avoid confusion with the
// os.system rule below. The Description also lacks a terminating period.
var DangerousCreateExec = &analysis.Analyzer{
	// Rule identifier shown in findings.
	Name: "dangerous-create-exec",
	// Python-only checker.
	Language: analysis.LangPy,
	// User-facing message; emitted verbatim, keep byte-identical.
	Description: "This checker detects when `create_subprocess_exec` has tainted data passed into it. This can cause a Command Injection vulnerability",
	Category:    analysis.CategorySecurity,
	// Error severity: taint reaching a process-spawning call.
	Severity: analysis.SeverityError,
	// Checker callback, defined elsewhere in this package.
	Run: dangerousCreateExec,
}
// DjangoInsecurePickleDeserialize reports deserialization of untrusted data
// with pickle-family libraries or yaml, which can execute arbitrary code on
// load.
//
// NOTE(review): "cpickle" in the message presumably refers to the Python 2
// `cPickle` module. For yaml, only loading with an unsafe loader is
// dangerous; `yaml.safe_load` is the expected safe form — confirm the checker
// does not flag it.
var DjangoInsecurePickleDeserialize = &analysis.Analyzer{
	// Rule identifier shown in findings.
	Name: "django-insecure-pickle-deserialize",
	// Python-only checker.
	Language: analysis.LangPy,
	// User-facing message; emitted verbatim, keep byte-identical.
	Description: "Insecure deserialization with pickle, _pickle, cpickle, dill, shelve, or yaml can lead to remote code execution. These libraries execute arbitrary code when loading untrusted data",
	Category:    analysis.CategorySecurity,
	Severity:    analysis.SeverityWarning,
	// Checker callback, defined elsewhere in this package.
	Run: checkDjangoInsecurePickleDeserialize,
}
// DjangoMissingThrottleConfig reports a Django REST framework configuration
// without rate-limiting settings. This is a configuration (hardening) check,
// not a taint rule.
var DjangoMissingThrottleConfig = &analysis.Analyzer{
	// Rule identifier shown in findings.
	Name: "django-missing-throttle-config",
	// Python-only checker.
	Language: analysis.LangPy,
	// User-facing message; emitted verbatim, keep byte-identical.
	Description: "Django REST framework is missing rate-limiting configurations, which could lead to resource starvation or DoS attacks. Add 'DEFAULT_THROTTLE_CLASSES' and 'DEFAULT_THROTTLE_RATES' to enforce rate limits.",
	Category:    analysis.CategorySecurity,
	Severity:    analysis.SeverityWarning,
	// Checker callback, defined elsewhere in this package.
	Run: checkDjangoMissingThrottleConfig,
}
// DjangoPasswordEmptyString reports `set_password("")`, which stores a hash
// of the empty string instead of marking the account as having no usable
// password.
var DjangoPasswordEmptyString = &analysis.Analyzer{
	// Rule identifier shown in findings.
	Name: "django-password-empty-string",
	// Python-only checker.
	Language: analysis.LangPy,
	// User-facing message; emitted verbatim, keep byte-identical.
	Description: "Using empty string as password in `set_password()` may cause unintended behavior. To set an unusable password please set the password to None or call `set_unusable_password()`",
	Category:    analysis.CategorySecurity,
	Severity:    analysis.SeverityWarning,
	// Checker callback, defined elsewhere in this package.
	Run: checkDjangoPasswordEmptyString,
}
// DjangoRequestDataWrite reports request-controlled data written straight to
// a file without sanitization.
var DjangoRequestDataWrite = &analysis.Analyzer{
	// Rule identifier shown in findings.
	Name: "django-request-data-write",
	// Python-only checker.
	Language: analysis.LangPy,
	// User-facing message; emitted verbatim, keep byte-identical.
	Description: "User-controlled request data is directly written to a file, which can lead to security risks such as unauthorized file modification, forced log rotation, or denial-of-service by exhausting disk space. Ensure proper input sanitization or escaping to mitigate these threats.",
	Category:    analysis.CategorySecurity,
	Severity:    analysis.SeverityWarning,
	// Checker callback, defined elsewhere in this package.
	Run: checkDjangoRequestDataWrite,
}
// DjangoRequestHttpResponse reports user-controlled data placed into an
// `HttpResponse` body without escaping (reflected XSS).
var DjangoRequestHttpResponse = &analysis.Analyzer{
	// Rule identifier shown in findings.
	Name: "django-request-httpresponse",
	// Python-only checker.
	Language: analysis.LangPy,
	// User-facing message; emitted verbatim, keep byte-identical.
	Description: "User-controlled data in `HttpResponse` may enable XSS, allowing attackers to steal cookies or sensitive data. Escape or sanitize input to prevent script injection. Use secure templating or built-in encoding to mitigate risks.",
	Category:    analysis.CategorySecurity,
	Severity:    analysis.SeverityWarning,
	// Checker callback, defined elsewhere in this package.
	Run: checkDjangoRequestHttpResponse,
}
// DjangoSQLInjection reports request-controlled data used in a raw database
// query. Which raw-query APIs are matched is decided by the checker, not
// here.
var DjangoSQLInjection = &analysis.Analyzer{
	// Rule identifier shown in findings.
	Name: "django-sql-injection",
	// Python-only checker.
	Language: analysis.LangPy,
	// User-facing message; emitted verbatim, keep byte-identical.
	Description: "User-controlled data from a Python request is used in a raw database query, potentially leading to SQL injection and unauthorized data access. Use Django's QuerySets with parameterized queries to prevent injection risks.",
	Category:    analysis.CategorySecurity,
	// NOTE(review): Warning here while the comparable os.system and
	// path-traversal rules are Error; confirm the severity is intentional.
	Severity: analysis.SeverityWarning,
	// Checker callback, defined elsewhere in this package.
	Run: checkDjangoSQLInjection,
}
// FlaskFormatStringReturn reports Flask route handlers that return a
// formatted string containing user input instead of a rendered template.
var FlaskFormatStringReturn = &analysis.Analyzer{
	// Rule identifier shown in findings.
	Name: "flask-format-string-return",
	// Python-only checker.
	Language: analysis.LangPy,
	// User-facing message; emitted verbatim, keep byte-identical.
	Description: "Returning formatted strings directly from Flask routes creates cross-site scripting vulnerabilities when user input is incorporated without proper escaping. Attackers can inject malicious JavaScript that executes in users' browsers. Flask's template engine with `render_template()` automatically handles proper escaping to prevent these attacks.",
	Category:    analysis.CategorySecurity,
	Severity:    analysis.SeverityWarning,
	// Checker callback, defined elsewhere in this package.
	Run: checkFlaskFormatStringReturn,
}
// InsecureUrllibFtp reports `ftp://` URLs passed to urllib, i.e. cleartext
// file transfer.
var InsecureUrllibFtp = &analysis.Analyzer{
	// Rule identifier shown in findings.
	Name: "insecure-urllib-ftp",
	// Python-only checker.
	Language: analysis.LangPy,
	// User-facing message; emitted verbatim, keep byte-identical.
	Description: "An unsecured FTP connection was detected where `ftp://` is being used. Data transmitted over this channel is unencrypted, posing a security risk. It is recommended to use `SFTP` instead. Since `urllib` does not support `SFTP`, consider using a library that provides secure file transfer capabilities.",
	Category:    analysis.CategorySecurity,
	// Error severity: cleartext transport regardless of input provenance.
	Severity: analysis.SeverityError,
	// Checker callback, defined elsewhere in this package.
	Run: checkInsecureUrllibFtp,
}
// NanInjection reports user input cast directly to a numeric type that
// accepts the string "nan".
//
// NOTE(review): in Python, `bool()` of any non-empty string is True and can
// never produce NaN; only `float()` and `complex()` parse "nan" (and `int()`
// rejects it). Confirm whether `bool()` belongs in the Description, or
// whether the checker flags it for a different reason (e.g. bool(user_input)
// being always truthy).
var NanInjection = &analysis.Analyzer{
	// Rule identifier shown in findings.
	Name: "nan-injection",
	// Python-only checker.
	Language: analysis.LangPy,
	// User-facing message; emitted verbatim, keep byte-identical.
	Description: "User input is directly cast to `bool()`, `float()`, or `complex()`, allowing an attacker to inject Python's `NaN`. This can lead to undefined behavior, especially in comparisons. To mitigate this, either use a different type for casting or explicitly check for all capitalizations of 'nan' before conversion.",
	Category:    analysis.CategorySecurity,
	Severity:    analysis.SeverityWarning,
	// Checker callback, defined elsewhere in this package.
	Run: checkNanInjection,
}
// OsSystemInjection reports user-supplied data reaching os.system, which
// always runs through a shell.
var OsSystemInjection = &analysis.Analyzer{
	// Rule identifier shown in findings.
	Name: "os-system-injection",
	// Python-only checker.
	Language: analysis.LangPy,
	// User-facing message; emitted verbatim, keep byte-identical.
	Description: "Command injection vulnerability detected where user-supplied data is passed directly to os.system. This allows attackers to execute arbitrary system commands by injecting shell metacharacters into the input. Replace with subprocess module and pass arguments as a list to properly separate command from parameters.",
	Category:    analysis.CategorySecurity,
	// Error severity: taint reaching a shell.
	Severity: analysis.SeverityError,
	// Checker callback, defined elsewhere in this package.
	Run: checkOsSystemInjection,
}
// PathTraversalOpen reports request data used as the path argument of
// `open` without validation.
//
// NOTE(review): os.path.abspath/realpath only normalize the path; on their
// own they do not confine it. The remediation the Description recommends is
// complete only when the normalized path is additionally checked to lie
// under the intended base directory.
var PathTraversalOpen = &analysis.Analyzer{
	// Rule identifier shown in findings.
	Name: "path-traversal-open",
	// Python-only checker.
	Language: analysis.LangPy,
	// User-facing message; emitted verbatim, keep byte-identical.
	Description: "This vulnerability involves a path traversal risk in the 'open' function call where request data is used without proper validation or sanitization. Attackers could manipulate the file path to access sensitive files outside the intended directory. To mitigate this issue, developers should implement proper path validation using os.path.abspath, os.path.realpath, or the pathlib library.",
	Category:    analysis.CategorySecurity,
	// Error severity: taint reaching a filesystem open.
	Severity: analysis.SeverityError,
	// Checker callback, defined elsewhere in this package.
	Run: checkPathTraversalOpen,
}
// SSRFInjection reports user-supplied data used to build a server-side
// request (SSRF).
var SSRFInjection = &analysis.Analyzer{
	// Rule identifier shown in findings.
	Name: "ssrf-injection",
	// Python-only checker.
	Language: analysis.LangPy,
	// User-facing message; emitted verbatim, keep byte-identical.
	Description: "User-supplied data is used in a server-side request, potentially leading to SSRF. Mitigate by validating schemes and hosts against an allowlist, avoiding direct response forwarding, and enforcing authentication and transport-layer security in the proxied request.",
	Category:    analysis.CategorySecurity,
	Severity:    analysis.SeverityWarning,
	// Checker callback, defined elsewhere in this package.
	Run: checkSSRFInjection,
}

Functions

This section is empty.

Types

This section is empty.
