python.aws-lambda.security.tainted-pickle-deserialization.tainted-pickle-deserialization

Avoid using pickle, which is known to lead to code execution vulnerabilities. When unpickling, the serialized data could be manipulated to run arbitrary code. Instead, consider serializing the relevant data as JSON or a similar text-based serialization format.
Definition
rules:
  - id: tainted-pickle-deserialization
    mode: taint
    pattern-sources:
      - patterns:
          - pattern: event
          - pattern-inside: |
              def $HANDLER(event, context):
                ...
    pattern-sinks:
      - patterns:
          - pattern: $SINK
          - pattern-either:
              - pattern-inside: pickle.load($SINK,...)
              - pattern-inside: pickle.loads($SINK,...)
              - pattern-inside: _pickle.load($SINK,...)
              - pattern-inside: _pickle.loads($SINK,...)
              - pattern-inside: cPickle.load($SINK,...)
              - pattern-inside: cPickle.loads($SINK,...)
              - pattern-inside: dill.load($SINK,...)
              - pattern-inside: dill.loads($SINK,...)
              - pattern-inside: shelve.open($SINK,...)
    message: Avoid using `pickle`, which is known to lead to code execution
      vulnerabilities. When unpickling, the serialized data could be manipulated
      to run arbitrary code. Instead, consider serializing the relevant data as
      JSON or a similar text-based serialization format.
    metadata:
      owasp:
        - A08:2017 - Insecure Deserialization
        - A08:2021 - Software and Data Integrity Failures
      cwe:
        - "CWE-502: Deserialization of Untrusted Data"
      references:
        - https://docs.python.org/3/library/pickle.html
        - https://davidhamann.de/2020/04/05/exploiting-python-pickle/
      category: security
      technology:
        - python
        - aws-lambda
      cwe2022-top25: true
      cwe2021-top25: true
      subcategory:
        - vuln
      likelihood: MEDIUM
      impact: MEDIUM
      confidence: MEDIUM
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    languages:
      - python
    severity: WARNING
Examples
tainted-pickle-deserialization.py
import _pickle
import cPickle
from dill import loads
import shelve

def lambda_handler(event, context):
    # ruleid: tainted-pickle-deserialization
    _pickle.load(event['exploit_code'])

    # ruleid: tainted-pickle-deserialization
    obj = cPickle.loads(f"foobar{event['exploit_code']}")

    # ruleid: tainted-pickle-deserialization
    loads(event['exploit_code'])(123)

    # ruleid: tainted-pickle-deserialization
    with shelve.open(f"/tmp/path/{event['object_path']}") as db:
        db['eggs'] = 'eggs'

    # ok: tainted-pickle-deserialization
    _pickle.loads('hardcoded code')

    # ok: tainted-pickle-deserialization
    code = '/file/path'
    cPickle.load(code)

    # ok: tainted-pickle-deserialization
    name = 'foobar'
    shelve.open(f"/tmp/path/{name}")
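
A hardened counterpart to the flagged handler above, following the rule message's advice to use JSON. This is an added example, not part of the rule's test file. It assumes an API Gateway proxy-style event (`body`, `isBase64Encoded`); the `name` and `quantity` fields and the `parse_order` helper are hypothetical.

```python
import base64
import binascii
import json

# Hypothetical schema for this example: field name -> required type.
EXPECTED_FIELDS = {"name": str, "quantity": int}


def parse_order(event):
    """Return a validated dict from the event body, or raise ValueError."""
    body = event.get("body")
    if not isinstance(body, str):
        raise ValueError("missing body")
    try:
        if event.get("isBase64Encoded"):
            body = base64.b64decode(body, validate=True).decode("utf-8")
        # json.loads only ever builds dict/list/str/number/bool/None values.
        data = json.loads(body)
    except (binascii.Error, UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError("body is not valid JSON") from exc
    # Accept exactly the expected keys, nothing more and nothing less.
    if not isinstance(data, dict) or set(data) != set(EXPECTED_FIELDS):
        raise ValueError("unexpected fields")
    for field, kind in EXPECTED_FIELDS.items():
        # bool is a subclass of int, so reject it explicitly.
        if not isinstance(data[field], kind) or isinstance(data[field], bool):
            raise ValueError(f"bad type for {field}")
    return data


def lambda_handler(event, context):
    try:
        order = parse_order(event)
    except ValueError as exc:
        return {"statusCode": 400, "body": json.dumps({"error": str(exc)})}
    return {"statusCode": 200, "body": json.dumps(order)}
```

A pickled blob sent as the body fails UTF-8 or JSON decoding and gets a 400; no request data reaches an unpickler, so the rule has no sink to flag.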
Short Link: https://sg.run/JbjW