python.lang.security.dangerous-globals-use.dangerous-globals-use
Author: semgrep
Download count: 7,353
Found non static data as an index to 'globals()'. This is extremely dangerous because it allows an attacker to execute arbitrary code on the system. Refactor your code not to use 'globals()'.
Definition
rules:
  - id: dangerous-globals-use
    patterns:
      - pattern-either:
          - pattern: globals().get(...)
          - pattern: locals().get(...)
          - pattern: globals()[...]
          - pattern: locals()[...]
          - patterns:
              - pattern-either:
                  - pattern-inside: |
                      $G = globals()
                      ...
                  - pattern-inside: |
                      $G = locals()
                      ...
              - pattern-either:
                  - pattern: $G.get(...)
                  - pattern: $G[...]
          - pattern: $FUNC.__globals__[...]
      - pattern-not: globals().get("...")
      - pattern-not: locals().get("...")
      - pattern-not: globals()["..."]
      - pattern-not: locals()["..."]
      - pattern-not: $G.get("...")
      - pattern-not: $G.get["..."]
      - pattern-not: $G["..."]
      - pattern-not: $FUNC.__globals__["..."]
      - pattern-not-inside: globals()[...] = ...
      - pattern-not-inside: locals()[...] = ...
      - pattern-not-inside: $G[...] = ...
      - pattern-not-inside: $FUNC.__globals__[...] = ...
    message: Found non static data as an index to 'globals()'. This is extremely
      dangerous because it allows an attacker to execute arbitrary code on the
      system. Refactor your code not to use 'globals()'.
    metadata:
      cwe:
        - "CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')"
      owasp:
        - A03:2021 - Injection
      references:
        - https://github.com/mpirnat/lets-be-bad-guys/blob/d92768fb3ade32956abd53bd6bb06e19d634a084/badguys/vulnerable/views.py#L181-L186
      category: security
      technology:
        - python
      subcategory:
        - audit
      likelihood: LOW
      impact: MEDIUM
      confidence: LOW
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Code Injection
    severity: WARNING
    languages:
      - python
Examples
dangerous-globals-use.py
# Semgrep test fixture for the rule above. `# ruleid:` marks lines the rule
# must flag, `# ok:` marks lines it must leave alone.
from django.shortcuts import render


def test1(request):
    forward = request.GET.get('fwd')
    globs = globals()
    # ruleid: dangerous-globals-use
    function = globs.get(forward)
    if function:
        return function(request)
    env = {'fwd': forward}
    return render(request, 'vulnerable/redirects/forward_failed.html', env)


def test2(request):
    forward = request.GET.get('fwd')
    # ruleid: dangerous-globals-use
    function = locals().get(forward)
    if function:
        return function(request)
    env = {'fwd': forward}
    return render(request, 'vulnerable/redirects/forward_failed.html', env)


def test3(request):
    forward = request.GET.get('fwd')
    # ruleid: dangerous-globals-use
    function = test1.__globals__[forward]
    if function:
        return function(request)
    env = {'fwd': forward}
    return render(request, 'vulnerable/redirects/forward_failed.html', env)


def test4(request):
    forward = request.GET.get('fwd')
    # ruleid: dangerous-globals-use
    result = locals()[forward].__dict__['abs'](-12)
    env = {'fwd': forward}
    return render(request, 'vulnerable/redirects/forward_failed.html', env)


def okTest(request):
    # A string literal as the key is static, so the rule does not fire.
    # ok: dangerous-globals-use
    function = locals().get("test3")
    if function:
        return function(request)
    env = {'fwd': 'test3'}
    return render(request, 'vulnerable/redirects/forward_failed.html', env)


def okTest2(data):
    # Static key; the untrusted value only reaches the looked-up object's update().
    # ok: dangerous-globals-use
    list_of_globals = globals()
    list_of_globals["foobar"].update(data)


def okTest3(data):
    # Writing into globals() is excluded by the pattern-not-inside clauses.
    # `smth` is an undefined helper in the fixture and is not meant to be called.
    # ok: dangerous-globals-use
    NS = globals()
    NS['_foobar_' + data] = smth(data)
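The fixture above shows what the rule flags but not the fix. The following added example (written for this page, not code from the Semgrep rule, its fixture, or the referenced "lets-be-bad-guys" project) puts the flagged dispatch pattern beside an allowlisted replacement. It assumes a plain dict standing in for the Django request object, and the handler names `forward_to_home`, `forward_to_account` and `_purge_all_sessions` are constructed for the illustration.

```python
# Added example: request-controlled lookup in globals() versus an explicit
# allowlist of handlers. The `request` argument is modelled as a dict of the
# form {"GET": {...}} so the example runs without Django.


def forward_to_home(request):
    """Handler the developer intends to expose via ?fwd=."""
    return "home"


def forward_to_account(request):
    """Another intended handler."""
    return "account"


def _purge_all_sessions(request):
    """Module-level helper that was never meant to be reachable from a URL.
    It still lives in globals(), exactly like imported modules do."""
    return "sessions purged"


def dispatch_vulnerable(request):
    """The shape the rule flags: the query parameter picks any global name."""
    forward = request["GET"].get("fwd")
    function = globals().get(forward)  # non-static index into globals()
    if function:
        return function(request)
    return "forward failed"


# Hardened form: the externally visible names are decoupled from Python
# identifiers, and only the entries in this table can ever be called.
FORWARDS = {
    "home": forward_to_home,
    "account": forward_to_account,
}


def dispatch_safe(request):
    """Same behaviour for intended targets; everything else is rejected."""
    forward = request["GET"].get("fwd")
    function = FORWARDS.get(forward)  # static table, not the module namespace
    if function:
        return function(request)
    return "forward failed"


def unintended_exposure():
    """Names callable through dispatch_vulnerable() that are NOT in the allowlist.
    Useful as a review check: anything listed here is reachable by accident."""
    allowed = set(FORWARDS.values())
    return sorted(
        name for name, value in globals().items()
        if callable(value) and value not in allowed and not name.startswith("dispatch")
    )


if __name__ == "__main__":
    hostile = {"GET": {"fwd": "_purge_all_sessions"}}
    print("vulnerable:", dispatch_vulnerable(hostile))  # reaches the private helper
    print("safe:      ", dispatch_safe(hostile))        # forward failed
    print("exposed:   ", unintended_exposure())
```

The allowlist is also what makes the Semgrep `pattern-not` clauses meaningful: once the key is a literal or comes from a fixed table rather than the request, the index into the namespace is static and the rule stays quiet.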
Short Link: https://sg.run/jNzn