# Copyright 2014 Hewlett-Packard Development Company, L.P.
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
from bandit.core.test_properties import *
@takes_config('shell_injection')
def linux_commands_wildcard_injection(context, config):
if not ('shell' in config and 'subprocess' in config):
vulnerable_funcs = ['chown', 'chmod', 'tar', 'rsync']
if context.call_function_name_qual in config['shell'] or (
context.call_function_name_qual in config['subprocess'] and
context.check_call_arg_value('shell', 'True')):
if context.call_args_count >= 1:
call_argument = context.get_call_arg_at_position(0)
if isinstance(call_argument, list):
for li in call_argument:
argument_string = argument_string + ' %s' % li
elif isinstance(call_argument, str):
argument_string = call_argument
if argument_string != '':
for vulnerable_func in vulnerable_funcs:
vulnerable_func in argument_string and
'*' in argument_string
confidence=bandit.MEDIUM,
text="Possible wildcard injection in call: %s" %
context.call_function_name_qual