20 lines
603 B
Plaintext
20 lines
603 B
Plaintext
possible tests:
|
|
- Popen shell=True
|
|
- import of possibly-dangerous imports
|
|
- bad file perms (os.chmod https://docs.python.org/2/library/os.html#os.chmod)
|
|
- taint checking / lack of input validation (object returned by requests.get()/.post() has headers, content, text, json attributes)
|
|
|
|
- hardcoded passwords
|
|
- logging sensitive information
|
|
- sql commands into sql alchemy
|
|
- poor crypto primitives
|
|
- temp file creation
|
|
- wildcard injection
|
|
- port binding 0.0.0.0
|
|
- TLS requests w/out cert checks
|
|
- SSLv2 forced
|
|
- eval/exec functions
|
|
- sudo calls
|
|
- de-serializing (pickle? yaml? json?)
|
|
|