contrib.dlint.dlint-equivalent.insecure-compile-use

returntocorp

Author

221

Download Count*

BSD 3-Clause "New" or "Revised" License

License

The Python 'compile' function is not secure against maliciously constructed input

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: insecure-compile-use
    message: The Python 'compile' function is not secure against maliciously
      constructed input
    languages:
      - python
    severity: WARNING
    metadata:
      source_rule_url: https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO110.md
      category: security
      technology:
        - python
      references:
        - https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO110.md
      owasp:
        - A09:2017 - Using Components with Known Vulnerabilities
        - A06:2021 - Vulnerable and Outdated Components
      cwe:
        - "CWE-95: Improper Neutralization of Directives in Dynamically
          Evaluated Code ('Eval Injection')"
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    patterns:
      - pattern: compile(...)
      - pattern-not: compile("...")

Short Link: https://sg.run/RoE8