Python Security Vulnerability Egrep Cheatsheet

This is a set of "suspicious" Python patterns that may reveal vulnerabilities. They are starting points for manual review, not proof of a bug: expect both false positives and false negatives.

# this command will return places where the application shells out or dynamically executes code:
egrep -r --include "*.py" -e "exec\(|eval\(|subprocess|popen" .

# DJANGO: find places where HTML auto-escaping is turned off via the "safe" template filter.
# plain grep (BRE) treats "|" literally, so this matches "{{ x|safe }}"; -F makes that explicit:
grep -r --include "*.py" --include "*.html" -F -e "|safe" .

# DJANGO: find places where unsafe SQL queries are executed:
egrep -r --include "*.py" -e "\.(raw|execute)\(" .

# Non-zero values indicate that some sort of CSRF protection is probably enabled.
# run without "| wc -l" to list CSRF-enabled endpoints and compare that list
# against all endpoints.  egrep has no inline "(?i)" flag; use -i for case-insensitive matching:
egrep -ri "csrf" . | wc -l

# returns database connection calls; inspect them for hardcoded credentials.
# the bare "connect" alternative matches any ".connect(" call, so this list is noisy:
egrep -r --include "*.py" -e "(MySQLdb\.connect|MySQLDatabase|psycopg2\.connect|sqlalchemy\.create_engine|MongoClient|connect)\(" .

# returns hardcoded credentials (-i because settings constants are often uppercase):
egrep -ri --include "*.py" -e '(user|username|pass|password)\s*=\s*".*"' .

# returns hardcoded port.  egrep does not support "\d"; use a bracket expression:
egrep -r --include "*.py" -e "port\s*=\s*[0-9]+" .

# returns crypto operations
egrep -r --include "*.py" -e "(DES|AES|Crypto|Cipher|hashlib|Random|md5|sha1|sha256|sha512)" .
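The following script, added here as an example and not part of the original cheatsheet, builds a small constructed Django-style project in a temporary directory and runs the patterns above against it so the hit counts can be checked. It uses `grep -E`/`grep -F` instead of `egrep` and `[[:space:]]` instead of `\s` for portability. The sample also shows a limitation of the credential and port patterns: they catch `DB_PASSWORD = "hunter2"` but miss the same values written in a `DATABASES` dict (`"PASSWORD": "hunter2"`), because nothing there is assigned with `=`. All file contents and values are constructed.

```shell
#!/bin/sh
# Build a constructed sample project (not real code) and return its path.
make_sample() {
  dir=$(mktemp -d)
  mkdir -p "$dir/app/templates"
  cat > "$dir/app/views.py" <<'EOF'
import subprocess
from django.db import connection

DB_PASSWORD = "hunter2"   # constructed hardcoded credential
port = 5432               # constructed hardcoded port

def run(cmd):
    return subprocess.check_output(cmd, shell=True)

def lookup(request):
    cursor = connection.cursor()
    cursor.execute("SELECT * FROM t WHERE id = %s" % request.GET["id"])
    return eval(request.GET["expr"])
EOF
  cat > "$dir/app/settings.py" <<'EOF'
MIDDLEWARE = ["django.middleware.csrf.CsrfViewMiddleware"]
# dict-style settings: the "=" based patterns above do NOT match these
DATABASES = {"default": {"PASSWORD": "hunter2", "PORT": 5432}}
EOF
  cat > "$dir/app/templates/page.html" <<'EOF'
<form method="post">{% csrf_token %}</form>
<p>{{ comment|safe }}</p>
EOF
  printf '%s\n' "$dir"
}

# Count matching lines.  usage: count_hits DIR PATTERN [grep options...]
count_hits() {
  dir=$1; pat=$2; shift 2
  grep -r "$@" -e "$pat" -- "$dir" | wc -l | tr -d ' '
}

# Print one line per check, with the hit count for the sample project.
report() {
  d=$(make_sample)
  printf 'shell-out / dynamic exec : %s\n' \
    "$(count_hits "$d" 'exec\(|eval\(|subprocess|popen' -E --include='*.py')"
  printf '|safe template filter    : %s\n' \
    "$(count_hits "$d" '|safe' -F --include='*.html' --include='*.py')"
  printf 'raw SQL execution        : %s\n' \
    "$(count_hits "$d" '\.(raw|execute)\(' -E --include='*.py')"
  printf 'csrf references          : %s\n' \
    "$(count_hits "$d" 'csrf' -i)"
  printf 'hardcoded credentials    : %s\n' \
    "$(count_hits "$d" '(user|username|pass|password)[[:space:]]*=[[:space:]]*".*"' -Ei --include='*.py')"
  printf 'hardcoded port           : %s\n' \
    "$(count_hits "$d" 'port[[:space:]]*=[[:space:]]*[0-9]+' -E --include='*.py')"
  rm -rf "$d"
}

report
```

Run the script as-is to see the counts; drop the `| wc -l` in `count_hits` to get `file:line` output for review. Note that `cursor.execute(` is reported by the SQL check but not by the `exec\(` check, since that pattern requires the literal text `exec(`.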